@jqueiroz said in SSL Inspection Certificates:
Don't you love to find the answer by yourself just after asking in the community forum?
Create directory '/usr/local/share/ca-certificates'
Copy the needed certificates this place
Run /usr/sbin/update-ca-certificates [seems not be on the path].
@john-c said in SSL Inspection Certificates:
Also for future reference if you ever re-do a server note that XCP-ng's certificates can be done through the XO application.
Thanks. But, just for clarification, it wasn't the XO/XOA server certificate, was the certificates that sign all the HTTPS pages we visit.
I uncovered a much more effective and supported method that that one you done.
Follow the steps in the documentation for the XCP-ng hosts, utilising a certificate chain to include you custom CA certificate.
Not forgetting setting up a custom extra CA for xen orchestra via an additional configuration file documented in the documentation for XO VM.
Also by the way the method you did in the post above will be lost on upgrade, as well as likely not included in the backup feature process of XO application. However the links below will get included in the backup feature and the backup of XO configuration. Plus your method will potentially interfere with software update package which comes from the official repository, that updates the certificate authority certificates and their trusts.
https://xen-orchestra.com/docs/configuration.html#custom-certificate-authority
https://xen-orchestra.com/docs/configuration.html#https-and-certificates
https://docs.xenserver.com/en-us/citrix-hypervisor/hosts-pools.html#install-a-tls-certificate-on-your-server
https://docs.xcp-ng.org/guides/TLS-certificates-xcpng/