Import Trusted SSL Certificates

When you interact with the Agent Factory application, the web page uses self-signed SSL certificates by default. Some web browsers may trigger an “insecure connection” warning, but this does not affect the application’s functionality.

To remove the warning entirely, install your own certificates issued by a trusted certificate authority (CA). Follow these steps:

Note: Adding your own SSL certificates won’t remove the warning unless the certificate is issued by a CA that the browser trusts, and the hostname matches the certificate.

1. Generate your certificates:

   Use your preferred method and certificate authority. Most certificate authorities require the VM hosting the application to have a public DNS name.

   You need a .crt and .key file.

2. Copy the certificate files to the host VM:

   Copy each file to the host VM using the following command:

   scp -i <private_key_file> <path_to_file> <host_user>@<host_public_address>:</destination_path>
   

3. Copy the certificate files into the application container:

   After placing the files on the host, copy each file to the container:

   podman cp <path_to_file> oracle-applied-ai-label:/home/aaiuser/install
   

4. Access the container and import the certificate:

   Enter the container:

   podman exec -it oracle-applied-ai-label bash
   

   Then restart the application by running:

   bash aai importcert -cert <filename>.crt -key <filename>.key
   

When you access the application again, your browser will display the new certificate information. If the certificate comes from a trusted CA, the browser warning will no longer appear.

Note: You are responsible for SSL/TLS certificate selection, procurement, installation, renewal, and trust configuration. Agent Factory does not issue, validate, or manage third-party certificates; it only provides a mechanism to import and use certificates you supply.