HTTPS Config

[arunb1]

Hi - wondering if anyone may be able to advise on using OpenCTI with Self Signed Certificates. I have it all working over HTTP internally but I want it to be configured with HTTPS. I have created via Open SSL the Certs and tested they are working on Portainer which I have HTTPS Configured. My Portainer and OpenCTI are on the same VM. I am getting the following error on the Platform Container when I view in Portainer. My basic config also posted below. I have the CA installed for the Self Signed Certs on the Linux Host in trusted store. The config deploys ok but if I try and visit the Ip on port 8443 the web page says ERR_CONNECTION_REFUSED. Any advice would be appreciated - thank you.

Container Error on OpenCTI Platform:
ERR Engine unhandled rejection | category=APP errors=[{"attributes":{"genre":"TECHNICAL","http_status":500,"promise":{},"reason":{}},"message":"Engine unhandled rejection","name":"UNKNOWN_ERROR","stack":"UNKNOWN_ERROR: Engine unhandled rejection\n at error (/opt/opencti/build/src/config/errors.js:8:10)\n at UnknownError (/opt/opencti/build/src/config/errors.js:76:47)\n at process. (/opt/opencti/build/src/boot.js:40:16)\n at process.emit (node:events:518:28)\n at process.emit (/opt/opencti/build/node_modules/source-map-support/source-map-support.js:516:21)\n at emit (node:internal/process/promises:150:20)\n at processPromiseRejections (node:internal/process/promises:284:27)\n at processTicksAndRejections (node:internal/process/task_queues:96:32)"}] timestamp=2024-02-28T10:55:58.653Z version=5.12.33

OpenCTI Basic Compose for the Platform:
opencti:
image: opencti/platform:5.12.33
environment:
- NODE_OPTIONS=--max-old-space-size=8096
- APP__PORT=8080
- APP__BASE_URL=${OPENCTI_BASE_URL}
- APP__ADMIN__EMAIL=${OPENCTI_ADMIN_EMAIL}
- APP__ADMIN__PASSWORD=${OPENCTI_ADMIN_PASSWORD}
- APP__ADMIN__TOKEN=${OPENCTI_ADMIN_TOKEN}
- APP__APP_LOGS__LOGS_LEVEL=error
- APP__HTTPS_CERT__CRT=${APP__HTTPS_CERT__CRT}
- APP__HTTPS_CERT__KEY=${APP__HTTPS_CERT__KEY}
- REDIS__HOSTNAME=redis
- REDIS__PORT=6379
- ELASTICSEARCH__URL=http://elasticsearch:9200/
- MINIO__ENDPOINT=minio
- MINIO__PORT=9000
- MINIO__USE_SSL=false
- MINIO__ACCESS_KEY=${MINIO_ROOT_USER}
- MINIO__SECRET_KEY=${MINIO_ROOT_PASSWORD}
- RABBITMQ__HOSTNAME=rabbitmq
- RABBITMQ__PORT=5672
- RABBITMQ__PORT_MANAGEMENT=15672
- RABBITMQ__MANAGEMENT_SSL=false
- RABBITMQ__USERNAME=${RABBITMQ_DEFAULT_USER}
- RABBITMQ__PASSWORD=${RABBITMQ_DEFAULT_PASS}
- SMTP__HOSTNAME=${SMTP_HOSTNAME}
- SMTP__PORT=25
- PROVIDERS__LOCAL__STRATEGY=LocalStrategy
ports:
- "8443:8080"
depends_on:
- redis
- elasticsearch
- minio
- rabbitmq
restart: always
worker:
image: opencti/worker:5.12.33
environment:
- OPENCTI_URL=${OPENCTI_URL}
- OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
- WORKER_LOG_LEVEL=info
depends_on:
- opencti
deploy:
mode: replicated
replicas: 3
restart: always
APP__HTTPS_CERT__CRT = /usr/local/share/ca-certificates/opencti.test.key
APP__HTTPS_CERT__KEY = /usr/local/share/ca-certificates/opencti2.testcer.cer (and have tried with .crt)

[arunb1]

I solved it now