Replacing the SSL certificate of a cluster node
Replacing the SSL certificate of a cluster node
July 3, 2024
ID 234129
To replace the SSL certificate of a cluster node:
- Log in over SSH to the management console of the node for which you want to replace the certificate.
- Place the certificate file (cert.pem) and the private key file (key.pem) in the
/root
directory. - Change to the web server config files directory:
cd /etc/nginx/ksmg
- Create backup copies of the current certificate and private key:
cp -p webapi.crt webapi.crt.backup
cp -p webapi.key webapi.key.backup
- Replace the contents of the certificate and private key files:
cat /root/cert.pem > webapi.crt
cat /root/key.pem > webapi.key
- Set the owner of the certificate and access permissions of the private key:
chown root:root webapi.crt
chmod 644 webapi.crt
chown kluser:root webapi.key
chmod 600 webapi.key
- Restart the nginx service:
systemctl restart nginx
- Check the status of the nginx service:
systemctl status nginx
The service must have the
running
status. - Open the web interface of the cluster node in the browser. If the certificate was successfully replaced, the insecure connection warning is not displayed.
- If the replacement was successful, delete the original certificate and private key files from the
/root
directory:rm -f /root/cert.pem /root/key.pem
The SSL certificate of the cluster node is replaced. If you want to replace certificates on multiple cluster nodes, you must follow the step-by-step instruction on each of the nodes.
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.