SSL certificate update for https connection

Hello, I have a Datashield instance in the docker container and I am trying to connect to opal using https as follows:o <- opal.login("administrator", "password", url="https://datashield-opal:8443"

I got an error message:

SSL: certificate subject name (localhost) does not match target host name 'datashield-opal'

I added a new certificate using the opal UI but after downloading the certificate from the opal url it looks like it has not been updated:

echo -n | openssl s_client -showcerts -connect datashield-opal:8443 -servername datashield-opal \
 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/, /-END CERTIFICATE-/p' \
 >> cert.crt

and then

openssl req -x509 -noout -serial -subject -in cert.crt


subject=CN = localhost, OU = Opal, O = localhost, L =, ST =, C =

Any ideas on how to handle the certificate in a containers environment where default certificate is not working?


Use a reverse proxy to access opal (whether in a docker container or not). It will be much simpler to manage certificates, security headers, ssl cipher suite etc. See example in documentation: