How to Replace NetBeez BeezKeeper Server Certificates - Detailed Instructions

panickos · June 15, 2023, 1:03pm

This post is to guide you through the process of replacing your server certificates. Please follow the instructions below (as root):

Prior to making any changes to the existing files, it’s crucial that you keep backups of the existing certificate and key. Use the following commands:

cp /opt/netbeez/user_data/secrets/netbeez.crt /opt/netbeez/user_data/secrets/netbeez.crt.bak
cp /opt/netbeez/user_data/secrets/netbeez.key /opt/netbeez/user_data/secrets/netbeez.key.bak

Then place the .key and .crt files in the following locations:
```
/opt/netbeez/user_data/secrets/netbeez.crt
/opt/netbeez/user_data/secrets/netbeez.key
```
If your files are named differently, please rename them according to the paths provided.

If the certificate you’re working with requires the inclusion of the certificate chain, the netbeez.crt file must be ordered as follows:

-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: eg. your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: eg. DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: eg. TrustedRoot.crt)
-----END CERTIFICATE-----

You can combine them with a command like this one:

cat certificate.pem intermediate.pem root.pem > netbeez.crt

NOTE: If you need to generate a certificate for the server, please run this command on the server:

openssl req -new -newkey rsa:2048 -nodes -keyout netbeez.key -out netbeez.csr

Once the files are copied, restart the dashboard service:
```
nb-docker-compose up -d --force-recreate --no-deps nb-dashboard
```
You can verify that the change was successful by watching the nb-dashboard container’s health status using the watch docker ps command.

Othe notes:

If your key has a passphrase, the dashboard won’t be able to start. To remove the passphrase from the key file, use this command (it will prompt for the passphrase to run this command, so you must know it to remove it):

openssl rsa -in netbeez-key-with-passphrase.key -out netbeez.key

Finally, to verify if the certificate and the key match, execute the following commands. The outputs of these commands should match:

openssl pkey -in netbeez.key -pubout -outform pem | sha256sum
openssl x509 -in netbeez.crt -pubkey -noout -outform pem | sha256sum

Please reply to this post if you have any questions or need further clarification on any of the steps.

Topic		Replies	Views
How to Migrate Beezkeeper data to a new server Deploy & Configure	1	56	August 19, 2024
Deploying the NetBeez BeezKeeper Server on Your Own AWS Infrastructure Deploy & Configure deployment , server , on-prem , aws	6	778	June 28, 2023
How to manage a NetBeez Beezkeeper server with an external /data directory Deploy & Configure	0	384	June 13, 2023
Enable SSL websocket on Netbeez NetBeez Dashboard/Server deployment , on-prem	2	428	May 17, 2023
NetBeez releases BeezKeeper version 14.4! Announcements release	0	47	February 6, 2025

How to Replace NetBeez BeezKeeper Server Certificates - Detailed Instructions

Othe notes:

Related topics