Setup Client Machines and Certificate Authorities

In order to encrypt network transport between the components of the system we make use of certificates. This is facilitated through the use of a self-generated Certificate Authority.

If you have followed the installation procedure up to this point, you can open your server domain (default is https://aivero.lan). On any client machine, however, the browser will refuse to open the page because of a fault in the certificate configuration: the client does not yet trust the server's self-generated Certificate Authority.

We are going to fix this now.

On the first startup, the server generates a certificate authority in the installation directory.
You can find it here:

This file needs to be installed on all devices that want to access the webUI of Aivero.

The installation process differs between operating systems and browsers:

Set up the certificate

Step 1: Show the generated certificate

Show certificate in terminal

cat /opt/aivero/ds/self-signed-certs/certs/rootCA.pem

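The result should be a PEM-encoded certificate: base64 text enclosed between a '-----BEGIN CERTIFICATE-----' line and an '-----END CERTIFICATE-----' line.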



Step 2:

This is only necessary if you want to configure a second desktop machine to access the frontend.

Using a USB flash drive or any other method, copy the certificate file at /opt/aivero/self-signed-certs/certs/rootCA.pem to the devices on which you wish to access the server front end.
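
Importing a root CA tells the browser to trust every certificate that CA signs, so it is worth confirming that the file that arrived on the client is the one the server generated before importing it. The following Python script is an added example, not part of the Aivero documentation or product: it compares the SHA-256 fingerprint of the copied PEM file with the value read on the server and flags files that also carry a private key. The function names and the sample data are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def sha256_fingerprint(pem_body):
    """SHA-256 over the decoded (DER) bytes, colon-separated upper-case hex."""
    der = base64.b64decode("".join(pem_body.split()), validate=True)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def hex_only(fingerprint):
    """Drop colons, spaces and case so differently formatted values compare."""
    return re.sub(r"[^0-9a-f]", "", fingerprint.lower())


def check_ca_file(text, expected_fingerprint):
    """Return a list of problems; an empty list means the file matches."""
    blocks = PEM_BLOCK.findall(text)
    problems = []
    if any("PRIVATE KEY" in label for label, _ in blocks):
        problems.append("contains a private key; copy only the certificate")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        problems.append(f"expected 1 certificate, found {len(certs)}")
    elif not hmac.compare_digest(
        hex_only(sha256_fingerprint(certs[0])), hex_only(expected_fingerprint)
    ):
        problems.append("fingerprint differs from the one read on the server")
    return problems


# Constructed stand-in bytes, not a real certificate: the fingerprint is a
# hash over the decoded bytes, so any payload exercises the check.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(b"constructed sample bytes " * 8).decode()
    + "-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    on_server = sha256_fingerprint(PEM_BLOCK.search(SAMPLE_PEM).group(2))
    print(on_server, check_ca_file(SAMPLE_PEM, on_server))  # [] when intact
```

Compute the fingerprint on the server, carry that value separately from the file, and run check_ca_file on the client before the browser import.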


Set up the certificate on the browser side

Firefox

Step by Step

Open your settings and navigate to 'Privacy & Security'

Scroll down to the 'Security' section

Select 'View Certificates' and click 'Authorities'

Click 'Import', select your certificate, click 'Trust this CA to identify websites' and 'OK'.

You are done. Test it as described under 'Test it' at the end of this section.

Chrome

Open your settings and navigate to 'Privacy and security'

Click 'Security' and scroll down to the 'Manage Certificates' section

Click the 'Manage Certificates' section and select the 'Authorities' tab

Click 'Import', find and add the certificate file, click 'Trust this certificate for identifying websites' and 'OK'.

You are done. Test it as described under 'Test it' at the end of this section.

Test it

Now you can visit your installation at https://aivero.lan and register with an email.

