How to Replace NetBeez BeezKeeper Server Certificates - Detailed Instructions

This post guides you through the process of replacing your server certificates. Please follow the instructions below, running all commands as root:

  1. Prior to making any changes to the existing files, it’s crucial that you keep backups of the existing certificate and key. Use the following commands:

    cp /opt/netbeez/user_data/secrets/netbeez.crt /opt/netbeez/user_data/secrets/netbeez.crt.bak
    cp /opt/netbeez/user_data/secrets/netbeez.key /opt/netbeez/user_data/secrets/netbeez.key.bak
    
  2. Then place the .key and .crt files in the following locations:

    /opt/netbeez/user_data/secrets/netbeez.crt
    /opt/netbeez/user_data/secrets/netbeez.key
    

    If your files are named differently, please rename them according to the paths provided.

  3. If the certificate you’re working with requires the inclusion of the certificate chain, the netbeez.crt file must be ordered as follows:

    -----BEGIN CERTIFICATE-----
    (Your Primary SSL certificate: eg. your_domain_name.crt)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (Your Intermediate certificate: eg. DigiCertCA.crt)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (Your Root certificate: eg. TrustedRoot.crt)
    -----END CERTIFICATE-----
    

    You can combine them with a command like this one:

    cat certificate.pem intermediate.pem root.pem > netbeez.crt
    

    NOTE: If you need to generate a new private key and a certificate signing request (CSR) in order to obtain a certificate for the server, please run this command on the server:

    openssl req -new -newkey rsa:2048 -nodes -keyout netbeez.key -out netbeez.csr
    
  4. Once the files are copied, restart the dashboard service:

    nb-docker-compose up -d --force-recreate --no-deps nb-dashboard
    

    You can verify that the change was successful by running watch docker ps and checking the health status of the nb-dashboard container.

Other notes:

If your key has a passphrase, the dashboard won’t be able to start. To remove the passphrase from the key file, use the command below. It prompts for the current passphrase, so you must know it in order to remove it:

    openssl rsa -in netbeez-key-with-passphrase.key -out netbeez.key

Finally, to verify if the certificate and the key match, execute the following commands. The outputs of these commands should match:

    openssl pkey -in netbeez.key -pubout -outform pem | sha256sum
    openssl x509 -in netbeez.crt -pubkey -noout -outform pem | sha256sum

Please reply to this post if you have any questions or need further clarification on any of the steps.

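A pre-flight check for the files placed in steps 2 and 3, to run before the restart in step 4. This is an added example, not part of the original post or of NetBeez tooling: it confirms that the key has no passphrase, that the first certificate in netbeez.crt matches the key, and that the chain is ordered primary, intermediate, root. The function names are hypothetical, and the chain check compares subject and issuer names only; it does not verify signatures.

```shell
#!/bin/sh
# Added example (not NetBeez code): pre-flight checks for netbeez.crt and netbeez.key.
# Function names are hypothetical; only standard openssl subcommands are used.

# Succeeds only if the key parses with an empty passphrase, i.e. it is unencrypted.
key_is_unencrypted() {
    openssl pkey -in "$1" -passin pass: -noout 2>/dev/null
}

# Succeeds only if the FIRST certificate in the file carries the key's public key.
# openssl x509 reads only the first PEM block, which is why the primary
# certificate has to come first in the bundle.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Succeeds only if each certificate after the first has the subject name that the
# previous certificate names as its issuer (name comparison, not signature checks).
chain_in_order() {
    openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
        openssl pkcs7 -print_certs -noout 2>/dev/null |
        awk '/^subject=/ { n++; if (n > 1 && substr($0, 9) != issuer) bad = 1 }
             /^issuer=/  { issuer = substr($0, 8) }
             END         { exit (n == 0 || bad) }'
}

# Runs all three checks; the default directory is the path used in this guide.
preflight() {
    dir=${1:-/opt/netbeez/user_data/secrets}
    rc=0
    key_is_unencrypted "$dir/netbeez.key" ||
        { echo "FAIL: key is encrypted or unreadable"; rc=1; }
    cert_matches_key "$dir/netbeez.crt" "$dir/netbeez.key" ||
        { echo "FAIL: first certificate does not match the key"; rc=1; }
    chain_in_order "$dir/netbeez.crt" ||
        { echo "FAIL: chain is not ordered primary, intermediate, root"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: files are consistent, safe to restart nb-dashboard"
    return "$rc"
}

# Runs only when a directory is given, e.g.: sh preflight.sh /opt/netbeez/user_data/secrets
[ "$#" -eq 0 ] || preflight "$1"
```

A failed check leaves the running dashboard untouched, so the .bak copies from step 1 are only needed if the restart has already been done with bad files.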