Importing certificates to browsers
This section describes how to import a root certificate authority into a web browser to use Che with self-signed TLS certificates.
When a TLS certificate is not trusted, the error message "Your Eclipse Che server may be using a self-signed certificate. To resolve the issue, import the server CA certificate in the browser." blocks the login process. To prevent this, add the public part of the self-signed CA certificate into the browser after installing Che.
Adding certificates to Google Chrome on Linux or Windows
-
Navigate to URL where Che is deployed.
-
Save the certificate:
-
Click the warning or open lock icon on the left of the address bar.
-
Click Certificates and navigate to the Details tab.
-
Select the top-level certificate which is the Root certificate authority and export it:
-
On Linux, click the Export button.
-
On Windows, click the Save to file button.
-
-
-
Go to Google Chrome Settings, then to the Authorities tab
-
In the left panel, select Advanced and continue to Privacy and security.
-
At the center of the screen, click Manage certificates and navigate to Authorities tab.
-
Click the Import button and open the saved certificate file.
-
Select Trust this certificate for identifying websites and click the OK button.
-
After adding the Che certificate to the browser, the address bar displays the closed lock icon next to the URL, indicating a secure connection.
Adding certificates to Google Chrome and Safari on macOS
-
Navigate to URL where Che is deployed.
-
Save the certificate:
-
Click the lock icon on the left of the address bar.
-
Click Certificates.
-
Select the certificate to use and drag and drop its displayed large icon to the desktop.
-
-
Open the Keychain Access application.
-
Select the System keychain and drag and drop the saved certificate file to it.
-
Double-click the imported CA, then go to Trust and select When using this certificate: Always Trust.
-
Restart the browser for the added certificated to take effect.
Adding certificates to Firefox
-
Navigate to URL where Che is deployed.
-
Save the certificate:
-
Click the lock icon on the left of the address bar.
-
Click the > button next to the Connection not secure warning.
-
Click the More information button.
-
Click the View Certificate button on the Security tab.
-
Select the second certificate tab. The certificate Common Name should start with ingress-operator
-
Click the PEM (cert) link and save the certificate.
-
-
Navigate to about:preferences, search for
certificates
, and click View Certificates. -
Go to the Authorities tab, click the Import button, and open the saved certificate file.
-
Check Trust this CA to identify websites and click OK.
-
Restart Firefox for the added certificated to take effect.
-
After adding the Che certificate to the browser, the address bar displays the closed lock icon next to the URL, indicating a secure connection.