Changing Default Cattle SSL Cert

Hi,

I’ve used openSSL to create a self-signed cert. When I launched the rancher/server I made sure that the cert I created was attached with the information specified in rancher docs. But when I tried to use https and add the cert as a CA, it keeps referring to a cattle cert which is an untrusted issuer. In other words, I am not able to use the self-signed cert that I’ve exported from localhost from rancher. How would I go about fixing this?

Thanks,
Uche

I presume you are trying to access the Rancher server via an HTTPS reverse proxy? I also presume that you are using Nginx or HAproxy to terminate the HTTPS and forward to rancher via HTTP.

When you created the self-signed-cert, did you create it as a certificate authority? If you just created it as a standalone certificate, then I don’t think that you can add that as a CA to avoid the certificate errors.

If you created a normal self signed certificate, try creating a Certificate Authority, and then use that CA to create a web server certificate for Rancher. You can import the CA certificate into your browser as a trusted CA and then you shouldn’t get the certificate errors.