Place the certificate file (cert.pem) and the private key file (key.pem) in the /root directory.
Change to the web server config files directory:
cd /var/opt/kaspersky/ksmg/certs
Create backup copies of the current certificate and private key:
cp -p webapi.crt webapi.crt.backup
cp -p webapi.key webapi.key.backup
cp -p dhparam.pem dhparam.pem.backup
Replace the contents of the certificate and private key files:
cat /root/cert.pem > webapi.crt
cat /root/key.pem > webapi.key
Generate DH parameters:
openssl dhparam -out dhparam.pem 4096
Generating DH parameters may take 10 to 20 minutes. Wait for the operation to finish.
Configure access permissions for the modified files using the following commands:
chown root:root webapi.crt
chmod 644 webapi.crt
chown kluser:root webapi.key
chmod 600 webapi.key
chown root:root dhparam.pem
chmod 644 dhparam.pem
Restart the nginx service:
systemctl restart nginx
Check the status of the nginx service:
systemctl status nginx
The service must have the running status.
Open the web interface of the cluster node in the browser. If the certificate was successfully replaced, the insecure connection warning is not displayed.
If the replacement was successful, delete the original certificate and private key files from the /root directory:
rm -f /root/cert.pem /root/key.pem
The SSL certificate of the cluster node is replaced. If you want to replace certificates on multiple cluster nodes, you must follow the step-by-step instruction on each node.