Use your own certificates with Ubuntu Landscape
Spoiler: Ubuntu Landscape is a very practical tool for keeping your fleet of Ubuntu machines up to date. But if he used our certificates rather than his self-signed ones, that would be better. We will upload the certificates to the server, then modify the configuration files to take them into account.
Cette page est également disponible en français.
We saw how to install and configure Ubuntu Landscape. Since then, we have been informed daily of the state of the machines and of the necessary updates and these operations only take a click of the mouse, it is as much time saved :smile:.
But the basic installation uses a self-signed certificate generated during installation. Our browsers therefore ask us questions to agree to connect to it, and since they forget everything as soon as we close them, it starts again each time. It’s so much wasted time 😢.
So as we like to tamper with the bowels, and claim to have hacked the system, by replacing the certificates with ours, we share our findings with you. Because that’s how we are.
Upload your certificate
As you are pros at creating
certificates, I’m assuming you already have your two files available
(the key in
landscape.pem, the certificate
landscape.crt and your authority in
As the interface does not allow this type of manipulation, we will
transfer the files via
ssh and the account you used during
files should be copied to the following locations:
- La clé : will be in
- Les certificats : will feel better
Modification of the configuration
apache2 on its Ubuntu database, so the configuration files are in
/etc/apache2/site-available/landscape.conf. That we will
To populate our own files there, we’ll modify the
directives to use our files as follows:
SSLCertificateKeyFile /etc/ssl/private/landscape.pem SSLCertificateFile /etc/ssl/certs/landscape.crt SSLCertificateChainFile /etc/ssl/certs/ca.crt
And finally restart Apache.
sudo service apache2 restart
And after ?
We can access the administration interface in HTTPs, without the browser complaining about us for certificate issues. The authenticity of the connection is now certified by the browser.