elf-signed certificates and local CAs
Per default Heimdall uses the standard certificate bundle file (ca-certificates.crt) to verify HTTPS sites and will ignore additional certificates placed in /etc/ssl/certs. If you wish to use enhanced apps with HTTPS sites that use a self-signed certificate or certs signed with your own local CA, you can override the default bundle:
- Create a unified certificate
.pemfile that contains all CAs and certificates that Heimdall has to verify. For example, if you use both LetsEncrypt and a local CA for your internal apps, concatenate the LetsEncrypt intermediate CA (export via browser) and your local CAcert.pem(or any number of self-signed certs) into oneheimdall.pemfile. - Place the
heimdall.peminto the container (if you use Docker), for example by placing it in the path that you mapped to/config. Make sure that the Heimdall user has read access (chmod a+r). - Set the
openssl.cafilesetting in/config/php/php-local.inito your cert bundle:
# /config/php/php-local.ini
openssl.cafile = /config/heimdall.pem
Restart the container and the enhanced apps should now be able to access your local HTTP websites. This configuration will survive updating or recreating the Heimdall container.
未完待续