SSL & Certificates

CoreSight requires HTTPS to ensure secure communication between the client and the backend, and for WebSockets to work securely.

Let's Encrypt (Automated)

If your server is accessible from the internet and has a valid domain name, you can use the built-in Certbot integration to generate a trusted Let's Encrypt certificate.

• The installation script will configure automatic renewal via a systemd timer (coresight-cert-renew.timer).

Self-Signed Certificates (Air-Gapped)

For internal networks, the script automatically generates a self-signed certificate with Subject Alternative Names (SAN) matching your server's IP address and hostname.

• Note: Browsers will display a security warning unless you import the certificate (/opt/coresight/server/certs/cert.pem) into your clients' trusted root store.