SSL certificate update for https connection

sztop · 6 December 2021 09:34

Hello, I have a Datashield instance in the docker container and I am trying to connect to opal using https as follows:o <- opal.login("administrator", "password", url="https://datashield-opal:8443"

I got an error message:

SSL: certificate subject name (localhost) does not match target host name 'datashield-opal'

I added a new certificate using the opal UI but after downloading the certificate from the opal url it looks like it has not been updated:

echo -n | openssl s_client -showcerts -connect datashield-opal:8443 -servername datashield-opal \
 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/, /-END CERTIFICATE-/p' \
 >> cert.crt

and then

openssl req -x509 -noout -serial -subject -in cert.crt

returns:

subject=CN = localhost, OU = Opal, O = localhost, L =, ST =, C =

Any ideas on how to handle the certificate in a containers environment where default certificate is not working?

yannick · 7 December 2021 11:16

Hi,

Use a reverse proxy to access opal (whether in a docker container or not). It will be much simpler to manage certificates, security headers, ssl cipher suite etc. See example in documentation: https://opaldoc.obiba.org/en/latest/admin/configuration.html#reverse-proxy-configuration

Regards
Yannick

Topic		Replies	Views
Opal 5.0-RC3 regression due to increased security of TLS endpoint (?) when using self-signed certs (default) Support v5	4	43	15 October 2024
SSL-certificate check fails on local opal.login connection Beginner Support	3	1186	24 February 2022
SSL-connection to localhost Opal fails Developer support	2	384	2 February 2023
CSRF warning thrown when logging in Beginner Support	3	418	6 December 2021
Question wrt assigning data from Opal server (dsBase 6.0.1) Analyst Support	3	468	10 September 2020

SSL certificate update for https connection

Related topics