Remake: Setting up Cockpit with a trusted SSL certificate (2021)

I did a remake for this video, since a couple of people have complained the previous version doesn't work for them.


I did a remake for both RHEL7 and RHEL8 connected to an IdM server on RHEL8.


In the video, I use a script on RHEL7 to concatenate the certificate and the key file. Drop this into /usr/local/sbin/cockpit_certs.sh and make it executable: https://gist.github.com/wzzrd/4790060...


The command that I issue on RHEL7 and RHEL8 to change the SELinux label on /etc/cockpit/ws-certs.d is:
semanage fcontext -a -t cert_t "/etc/cockpit/ws-certs.d(/.*)?"


Then, on RHEL7, I use this command to get the certificate:
"""
semanage fcontext -a -t cert_t "/etc/cockpit/ws-certs.d(/.*)?"
ipa-getcert request -f /etc/pki/tls/certs/$(hostname -f).cert -k /etc/pki/tls/private/$(hostname -f).key -D $(hostname -f) -C "/usr/local/sbin/cockpit_certs.sh $(hostname -f)" -K host/$(hostname -f)
"""



On RHEL8, the command is slightly different and simpler:
"""
ipa-getcert request -f /etc/cockpit/ws-certs.d/$(hostname -f).cert -k /etc/cockpit/ws-certs.d/$(hostname -f).key -D $(hostname -f) -K host/$(hostname -f) -m 0640 -o root:cockpit-ws -O root:root -M 0644
"""

Sound of the video is a little reverby. Sorry about that 😏


Blog that is more easy to copy-paste: https://100things.wzzrd.com/2021/06/1...