Reaching the console
The console is served as a website over SSL, on whichever port you chose when installing the console component.
Let's say your console server is
console.domain.com. If you chose to use the default port (443), you can
omit the port from the URL and reach the console by navigating to
If you chose to use port 8443, you reach the console at
httpsprotocol handler. You cannot reach the console over plain
Accepting the console's certificate
The console uses an SSL certificate created by your own local Puppet certificate authority. Because this authority is specific to your site, web browsers won't know it or trust it, and you must add a security exception in order to access the console.
Adding a security exception for the console is safe to do. Your web browser warns you that the console's identity hasn't been verified by one of the external authorities it knows of, but that doesn't mean it's untrustworthy. Because you or another administrator at your site is in full control of which certificates the Puppet certificate authority signs, the authority verifying the site is you.
When your browser warns you that the certificate authority is invalid or unknown:
In Chrome, click Advanced, then Proceed to <CONSOLE ADDRESS>.
In Firefox, click Advanced, then Add exception.
In Internet Explorer or Microsoft Edge, click Continue to this website (not recommended).
In Safari, click Continue.