0

I have an ERP server hosted on RHEL 8.3, and for management I use the Cockpit portal from my web browser.

Every time I enter this portal I get a message saying the website is not trustable, and I want to remove it. This is the same problem I have with the web management portal of a TP-Link OC200 controller, and I suppose the same thing will happen if I try to set up a Windows Admin Center server too.

I have AD DS on my network thanks to a Windows Server 2016 Standard server with Essentials Experience running (with CALs and license all in rule), so I have AD CA too.

I googled that you can use this last role to resolve this little issue I'm dealing with, but because this is a production environment, I really don't want to mess something up. I also want to assign a forward address to the server, not only use the server name or IP address, so I can type, for example, "myerp.local" in my browser, and enter the management portal effortlessly.

I really don't have any experience with certificates or with managing DNS, so any help you can provide will be appreciated.

Can you help me?

1 Answer

0

Delete the .local and rename it, based on a domain name you've registered publicly. So, myerp.example.net and host1.example.net (but your name). .local is for mDNS. Also, you can't get an internet-ready cert from a public CA. If not now, schedule a project to rename the domain on the next big organizational change.

Trust the root CA of your PKI on client hosts in your organization. Typically via Group Policy to Windows hosts. Other methods for installing to trust stores exist, including for other operating systems; you can package certs up for Linux desktops if necessary.

Create a separate test environment with a different instance of the app, on a different host, with enough supporting infrastructure to be useful.

Issue x509 certs in test first. Confirm the latest TLS ciphers are encrypting the connection. Run the same procedure in production.

Automate the issuing of certificates. Put a reminder on the calendar to renew a week before this batch of certs expires.

John Mahowald
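The checks in the answer above (chain up to the internal root CA, current TLS protocol and cipher, renewal a week before expiry, no .local names) can be scripted against the test host first and then production. This is an added example, not code from the answer; the function names are hypothetical, and the host name, Cockpit's default port 9090 and the root CA file path are assumptions to replace with your own values.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

RENEW_WINDOW = timedelta(days=7)            # the answer's "a week before"
WEAK_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}
AEAD_TAGS = ("GCM", "CHACHA20", "CCM")      # markers of modern AEAD suites


def probe(host, port, ca_file, timeout=5.0):
    """Handshake trusting only ca_file (root CA, PEM); raises if untrusted."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "protocol": tls.version(),       # e.g. "TLSv1.3"
                "cipher": tls.cipher()[0],       # negotiated suite name
                "not_after": cert["notAfter"],   # "Jun  1 12:00:00 2030 GMT"
                "san": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
            }


def findings(report, now=None, renew_window=RENEW_WINDOW):
    """Return a list of problems in a probe() report (empty list = OK)."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(report["not_after"]), tz=timezone.utc)
    problems = []
    if report["protocol"] in WEAK_PROTOCOLS:
        problems.append(f"weak protocol {report['protocol']}")
    if not any(tag in report["cipher"] for tag in AEAD_TAGS):
        problems.append(f"non-AEAD cipher {report['cipher']}")
    if expires <= now:
        problems.append(f"certificate expired {expires:%Y-%m-%d}")
    elif expires - now <= renew_window:
        problems.append(f"renew now: expires {expires:%Y-%m-%d}")
    if any(name.endswith(".local") for name in report["san"]):
        problems.append(".local name in subjectAltName (reserved for mDNS)")
    return problems


if __name__ == "__main__":
    # Assumed values: host name from the answer's example, Cockpit's default
    # port 9090, placeholder path to the exported internal root CA certificate.
    rep = probe("myerp.example.net", 9090, "/path/to/internal-root-ca.pem")
    print(rep)
    for problem in findings(rep):
        print("WARNING:", problem)
```

A handshake that raises `ssl.SSLCertVerificationError` means the server certificate does not chain to the supplied root or does not list the host name in its subjectAltName, which is the same condition that produces the browser warning.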