SSL/TLS certificate: Manual or automatic generation after company changes impossible (without Let's Encrypt)

There is Let’s Encrypt but it is not an obligation.

After installation of the server, there is a message to change the informations of the Company but the SSL/TLS certificate has not changed: “NethServer, O=Example Org, ST=SomeState, OU=Main”
-> https://IP:9090/nethserver#/certificates

1/ It will be easy to add the creation of a complete certificate (in nethgui and cockpit) manually.

Currently nothing here:

Can you see for add manually generation?

2/ There is no change of default certificates after company informations, can you add window for example “Do you want generate a new certificate?”:

In nethgui:


Do not forget that there are vhosts too.

Linked to:

You can modify it under System > Certificates > Edit self-signed Certificate.

We can think to add something at the end of signal-event. What do you think @giacomo? Obviuosly we need also to add a checkbox like “Edit also certificate settings”

It is linked to a bug!

Manual generation from:

  • nethgui: OK
  • cockpit: NOK (process not finished?)

What benefit is there to correcting organization information on a self-signed certificate that no browser’s going to trust anyway?

Edit: And this isn’t a bug in any sense of the word–it’s a feature request.

Do not forget that Let’s Encrypt has limited the number of certificate generation.

Yes, they have–to 50 new certs, per domain, per week. In what way do you believe this is relevant to this request?

I think that we can have the possibility to have a self-signed certificate.
Server admin can have the choice.

Of course we do–it’s installed on the system by default. What benefit is there to changing the organization information on a cert that no browser is going to trust anyway? I guess it doesn’t matter that much what I think–I certainly don’t run the project, and I wouldn’t be implementing this in any event–but it really seems that any effort at all invested into improving a self-signed cert would be wasted effort.

I’m just not understanding the server admin who, at the same time:

  • Cares what information is presented with his server’s TLS certificate, and
  • Doesn’t care whether any browser in the world trusts that certificate.

…especially when it’s easy and free to get a trusted cert. IMO, the only reason to have the self-signed cert at all is to let the server speak TLS long enough for you to install a real cert.

1 Like

Organization details and certificate were bound together and thatch choice created only problems.
The user is now free to change such info both on certificate page or on the organization details page.
I agree with @danb35: there is no reason to implement such a thing.

What is not really working? Can you please write down what is the expected behavior and what is missing? Can you also describe the steps to reproduce it?

(Note: I’m moving the topic to support category)

1 Like

The process is not finished in Cockpit for the generation of the new cert…
The connection is cut off.

6 posts were merged into an existing topic: Cockpit: SSL/TLS certificate update is not complete (no problem with Nethgui)