Hey,
I haven’t seen anything on this or was wondering if I overlooked this. Is there a way to use a custom SSL cert for the API?
I already have the signed wildcard cert sign and was wonder how to use it or where do I put it for vyos to use it.
I thought it would be in the auth folder but didn’t see anything.
vyos@vyos:~ cd /config/auth/ letsencrypt/ wireguard/ vyos@vyos:~ cd /config/auth/letsencrypt/
accounts/ renewal-hooks/
Hello @johnhok , VyOS uses the next path for HTTPS crypto materials in case if service https certificates system-generated-certificate configured
ssl_certificate /etc/ssl/certs/vyos-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/vyos-selfsign;
But I think that adding an advanced option with an existing certificate will be a good feature request
Thanks for that information. I imported my certs to the ssl_certificat folder (/etc/ssl/certs/) and change owners to root:root like the other and change the files permission. Then I change the ownership of the key to root:ssl-cert in the /etc/ssl/private/ folder.
I also have this
}
certificates {
system-generated-certificate {
lifetime 365
}
}
virtual-host api {
listen-port 1443
server-name blahblahblah.com
}
I am still getting a InsecureRequestWarning: Unverified HTTPS request is being made to host ‘blahblahblah.com’. Adding certificate verification is strongly advised. When requesting the API.
Thanks Dmitry. I will also make a request for adding an advanced option with an existing certificate. To feature request section.