Self-signed certificates

I’ve installed a pretty vanilla version of OnDemand v2; the only thing that I changed from the default is that I configured SSL with a self-signed certificate. I can’t use a non-self-signed certificate since this machine does not have a DNS record, just an IP address.

The error logs report "TLS handshake error from xxxx remote error: tls: unknown certificate authority", and the browser returns 404 for everything but the .well-known/openid-configuration.

Is there a way to have it work with self-signed certificates, or do I need to fall back on an unencrypted connection?

Hello and welcome!

Using a self-signed cert should still work fine. What does the ssl option in your ood_portal.yml look like?

Thanks for the answer. My config file is simply like this:

 grep -v '^#' /etc/ood/config/ood_portal.yml | grep -v '^ *$'
---
port: 8443
ssl:
  - 'SSLCertificateFile "/etc/pki/tls/certs/localhost.crt"'
  - 'SSLCertificateKeyFile "/etc/pki/tls/private/localhost.key"'
auth:
  - 'AuthType Basic'
  - 'Require valid-user'

and the certificates are

ls -l /etc/pki/tls/certs/localhost.crt /etc/pki/tls/private/localhost.key
-rw-r--r-- 1 root root 3834 Jan 11  2022 /etc/pki/tls/certs/localhost.crt
-rw------- 1 root root 1704 Jan 11  2022 /etc/pki/tls/private/localhost.key

I also tried without changing auth from the default, which I think implies OpenID, which failed because it is not configured in my Apache – I eventually will want to get it working with LDAP, but one step at a time.

Thanks!
