How to Replace NetBeez BeezKeeper Server Certificates - Detailed Instructions

This post is to guide you through the process of replacing your server certificates. Please follow the instructions below (as root):

  1. Prior to making any changes to the existing files, it’s crucial that you keep backups of the existing certificate and key. Use the following commands:

    cp /opt/netbeez/user_data/secrets/netbeez.crt /opt/netbeez/user_data/secrets/netbeez.crt.bak
    cp /opt/netbeez/user_data/secrets/netbeez.key /opt/netbeez/user_data/secrets/netbeez.key.bak
  2. Then place the .key and .crt files in the following locations:


    If your files are named differently, please rename them according to the paths provided.

  3. If the certificate you’re working with requires the inclusion of the certificate chain, the netbeez.crt file must be ordered as follows:

    (Your Primary SSL certificate: eg. your_domain_name.crt)
    -----END CERTIFICATE-----
    (Your Intermediate certificate: eg. DigiCertCA.crt)
    -----END CERTIFICATE-----
    (Your Root certificate: eg. TrustedRoot.crt)
    -----END CERTIFICATE-----

    You can combine them with a command like this one:

    cat certificate.pem intermediate.pem root.pem > netbeez.crt

    NOTE: If you need to generate a certificate for the server, please run this command on the server:

    openssl req -new -newkey rsa:2048 -nodes -keyout netbeez.key -out netbeez.csr
  4. Once the files are copied, restart the dashboard service:

    nb-docker-compose up -d --force-recreate --no-deps nb-dashboard

    You can verify that the change was successful by watching the nb-dashboard container’s health status using the watch docker ps command.

Othe notes:

If your key has a passphrase, the dashboard won’t be able to start. To remove the passphrase from the key file, use this command (it will prompt for the passphrase to run this command, so you must know it to remove it):

openssl rsa -in netbeez-key-with-passphrase.key -out netbeez.key

Finally, to verify if the certificate and the key match, execute the following commands. The outputs of these commands should match:

openssl pkey -in netbeez.key -pubout -outform pem | sha256sum
openssl x509 -in netbeez.crt -pubkey -noout -outform pem | sha256sum

Please reply to this post if you have any questions or need further clarification on any of the steps.

1 Like