Cert Chain of Trust

Hi,

This is more a request for help. I am trying to have a trusted certificate installed on the device from Cloudflare for the domain that I own.

I have generated the .crt and .key on the Cloudflare website and deployed the files to /etc/kvmd/user/ssl as per the guide.

Rebooting the device initiates the new cert, but browsers do not trust it as they cannot validate the CA.

I have tried combining the root CA cert into the CRT hoping the chain of trust is then visible, but I still get the same issue.

Any tips or guidance on how I can get this to work?

Could you please tell me the domain name you use to apply for certificates on Cloudflare?
For example, if you use abc.com to apply and add the .crt and .key in /etc/kvmd/user/ssl,
it only works when accessing the KVM using abc.com. It is ineffective to use an IP address or any other domain name.

So, I have tried with a wildcard and specific cert.

So, to take your example abc.com: if I create a wildcard or specific cert for kvm.abc.com, I will get a browser error asking for an override as it cannot confirm the issuer.

I am aware that if I used a DNS rewrite to a different name or the IP address, it would ask me to override as it does not match the cert name.

Yes, any DNS rewrite or redirection should point to that domain name, not replace it. The endpoint must be served using the certified domain.

So is that the reason why a direct hit with the URL is still having trust issues?

For which domain have you created the wildcard or specific cert? And which domain that you access still has the trust issue?

Hi,

I have tested with both. A specific kvm.abc.com and a wildcard for *.abc.com.

Both have issues verifying the CA, even though I have also tried embedding the Root CA as part of the crt as well.

(I am using abc.com as an example rather than posting my own domain in a public forum)
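
Added example, not part of any post in this thread: a shell sketch that separates the two failure causes discussed above (an issuer the client does not trust versus a name that does not match the certificate), using `openssl verify`. The CAs, the `kvm.abc.com` leaf, the IP address and the function names are constructed for the demo; it assumes OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: "Demo Private CA" stands in for an issuer the browser
# does not know; "Demo Browser Root" stands in for the browser's root store.
set -u

make_ca() {  # $1 = work dir, $2 = file stem, $3 = CN
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/ca.cnf" \
    -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

setup_demo() {  # $1 = empty work dir
  local d=$1
  printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\nprompt=no\n' > "$d/ca.cnf"
  printf '[dn]\nCN=unused\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' >> "$d/ca.cnf"
  make_ca "$d" private "Demo Private CA"
  make_ca "$d" browser "Demo Browser Root"
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=kvm.abc.com" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  printf 'subjectAltName=DNS:kvm.abc.com\n' > "$d/ext.cnf"
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/private.crt" -CAkey "$d/private.key" \
    -CAcreateserial -days 1 -extfile "$d/ext.cnf" -out "$d/leaf.crt" 2>/dev/null
  # Root appended to the served file, as tried in the thread.
  cat "$d/leaf.crt" "$d/private.crt" > "$d/bundle.crt"
}

# $1 = PEM the server sends (leaf first), $2 = client trust store, $3 = host in URL.
# Certificates in $1 are only chain-building hints (-untrusted); trust anchors
# come from $2, so a root copied into $1 cannot make the chain trusted.
diagnose() {
  if ! openssl verify -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1; then
    echo untrusted-issuer
  elif ! openssl verify -CAfile "$2" -untrusted "$1" -verify_hostname "$3" "$1" \
      >/dev/null 2>&1; then
    echo name-mismatch
  else
    echo ok
  fi
}

work=$(mktemp -d) && setup_demo "$work"
for store in browser private; do
  for host in kvm.abc.com 192.168.1.50; do   # 192.168.1.50: constructed LAN address
    echo "store=$store host=$host -> $(diagnose "$work/bundle.crt" "$work/$store.crt" "$host")"
  done
done
rm -rf "$work"
```

To run the same check against a real deployment, pass the .crt from /etc/kvmd/user/ssl as the first argument and a PEM file of the roots the client trusts as the second.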