You can use your pfSense Certificate Authority (CA) to generate a certificate for AlmaLinux Cockpit by following these steps:
Create a Server Certificate on pfSense:
- Log in to your pfSense web interface.
- Navigate to System > Cert Manager.
- Under the Certificates tab, click Add to create a new certificate.
- Fill in the details, ensuring you select your existing CA (
0=LocalNet,CN=pfsense-localnet-ca) as the signing CA. - Set the Common Name to
tifa.local.netand complete the other required fields. - Save the certificate.
Export the Certificate and Key:
- Once the certificate is created, export both the certificate and the private key.
- You can do this by clicking the Export button next to the certificate in the Cert Manager.
Transfer the Certificate and Key to AlmaLinux:
- Securely transfer the exported certificate and key files to your AlmaLinux server. You can use
scpor another secure method.
scp /path/to/exported/cert.pem user@almalinux:/etc/cockpit/ws-certs.d/tifa.local.net.cert scp /path/to/exported/key.pem user@almalinux:/etc/cockpit/ws-certs.d/tifa.local.net.key- Securely transfer the exported certificate and key files to your AlmaLinux server. You can use
Set Permissions:
- Ensure the certificate and key files have the correct permissions.
sudo chown root:cockpit-ws /etc/cockpit/ws-certs.d/tifa.local.net.* sudo chmod 640 /etc/cockpit/ws-certs.d/tifa.local.net.*Restart Cockpit:
- Restart the Cockpit service to apply the new certificate.
sudo systemctl restart cockpit