This post is to guide you through the process of replacing your server certificates. Please follow the instructions below (as root):
Prior to making any changes to the existing files, it’s crucial that you keep backups of the existing certificate and key. Use the following commands:
cp /opt/netbeez/user_data/secrets/netbeez.crt /opt/netbeez/user_data/secrets/netbeez.crt.bak cp /opt/netbeez/user_data/secrets/netbeez.key /opt/netbeez/user_data/secrets/netbeez.key.bak
Then place the
.crtfiles in the following locations:
If your files are named differently, please rename them according to the paths provided.
If the certificate you’re working with requires the inclusion of the certificate chain, the
netbeez.crtfile must be ordered as follows:
-----BEGIN CERTIFICATE----- (Your Primary SSL certificate: eg. your_domain_name.crt) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Intermediate certificate: eg. DigiCertCA.crt) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Root certificate: eg. TrustedRoot.crt) -----END CERTIFICATE-----
You can combine them with a command like this one:
cat certificate.pem intermediate.pem root.pem > netbeez.crt
NOTE: If you need to generate a certificate for the server, please run this command on the server:
openssl req -new -newkey rsa:2048 -nodes -keyout netbeez.key -out netbeez.csr
Once the files are copied, restart the dashboard service:
nb-docker-compose up -d --force-recreate --no-deps nb-dashboard
You can verify that the change was successful by watching the
nb-dashboardcontainer’s health status using the
watch docker pscommand.
If your key has a passphrase, the dashboard won’t be able to start. To remove the passphrase from the key file, use this command (it will prompt for the passphrase to run this command, so you must know it to remove it):
openssl rsa -in netbeez-key-with-passphrase.key -out netbeez.key
Finally, to verify if the certificate and the key match, execute the following commands. The outputs of these commands should match:
openssl pkey -in netbeez.key -pubout -outform pem | sha256sum openssl x509 -in netbeez.crt -pubkey -noout -outform pem | sha256sum
Please reply to this post if you have any questions or need further clarification on any of the steps.