SSL certificate should be stored in /etc/cockpit/ws-certs.d with a .cert extension. The file should contain the certificate and its private key.
To check which certificate cockpit-ws will use:
$ remotectl certificate
See Cockpit Certificates.
SSL ciphers are defined in /etc/systemd/system/cockpit.service.d/ssl.conf, for example:
When running as a container cockpit will establish SSH to the underlying host.
See Cockpit Kubernetes.