Linux Setting up a TLS certificate for the Cockpit web service

Cockpit is a web-based graphical interface that enables you to manage most of the Linux administration tasks from one place by using plugins.

Ish Sookun

1 min read min read

The Cockpit web service runs on TCP port 9090 and uses a self-signed TLS certificate if none is provided. In order to specify a TLS certificate for the web service, simply drop the certificate with the extension .cert in the /etc/cockpit/ws-certs.d and the corresponding key file having same name but with the .key extension.

The key should not be encrypted, i.e protected by a passphrase.

If there are multiple certificate files in the directory, then the one with the highest priority is chosen after sorting.

The .cert file can also contain two OpenSSL style PEM blocks. The first block containing the BEGIN CERTIFICATE for the server certificate and intermediate certificate authorities, and the second block containing BEGIN PRIVATE KEY to hold the corresponding private key.