Ubuntu Landscape is a very practical tool for keeping your fleet of Ubuntu machines up to date. But if he used our certificates rather than his self-signed ones, that would be better.
We saw how to install and configure Ubuntu Landscape. Since then, we have been informed daily of the state of the machines and of the necessary updates and these operations only take a click of the mouse, it is as much time saved :smile:.
But the basic installation uses a self-signed certificate generated during installation. Our browsers therefore ask us questions to agree to connect to it, and since they forget everything as soon as we close them, it starts again each time. It’s so much wasted time 😢.
So as we like to tamper with the bowels, and claim to have hacked the system, by replacing the certificates with ours, we share our findings with you. Because that's how we are.
We will upload the certificates to the server, then modify the configuration files to take them into account.
Upload your certificate
As you are pros at creating certificates, I'm assuming you already have your two files available (the key in
landscape.pem, the certificate in
landscape.crt and your authority in
As the interface does not allow this type of manipulation, we will transfer the files via
ssh and the account you used during installation. These files should be copied to the following locations:
- La clé : will be in
- Les certificats : will feel better in
Modification of the configuration
Landscape uses apache2 on its Ubuntu database, so the configuration files are in
/etc/apache2/site-available/landscape.conf. That we will therefore modify.
To populate our own files there, we'll modify the
SSL directives to use our files as follows:
SSLCertificateKeyFile /etc/ssl/private/landscape.pem SSLCertificateFile /etc/ssl/certs/landscape.crt SSLCertificateChainFile /etc/ssl/certs/ca.crt
And finally restart Apache.
sudo service apache2 restart
And after ?
We can access the administration interface in HTTPs, without the browser complaining about us for certificate issues. The authenticity of the connection is now certified by the browser.