Versions Compared
This article describes how to change the digital certificate used by your 4PSA DNS Manager 3 (or later version) HTTP server.
Requirements
Before you start, make sure that the following requirements are met:
- You have a 4PSA DNS Manager version higher than 3.0.0 (e.g. 4.0.0)
- You have access and basic knowledge for using a SSH client (e.g.
Putty
)
Changing the Server's SSL
CertificateSTEP 1: Generate private key and request certificate.
Log in as root using a SSH client, create a certificate request, and send it to your CA authority:
certificate
To change the digital certificate used by your HTTP server, you have to create a signing request, send the request to your CA authority and then install the new certificate on your server:
STEP 1: Log in to your 4PSA DNS Manager server using your favorite SSH console (e.g. Putty
).
STEP 2: Create the signing request for the certificate by executing the command:
Code Block |
---|
openssl req -nodesnew -newkey rsa:2048 -keyout /root/new.keykey /usr/local/dnsmanager/admin/conf/httpd.pem -out /root/certrequest.csr |
This command will generate a 2048-bit key file. Then it will ask basic information about the entity being certified. The Private Key file generated with above command will not have a secret pass-phrase.
Note |
---|
When you will receive the message: "Please enter the following 'extra' attributes to be sent with your certificate request DO NOT SUBMIT ANY PASSWORD, just press enter. |
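Review bot: the openssl line is not a valid invocation as rendered. It reads "-nodesnew" and carries both "-keyout /root/new.key" and "key /usr/local/dnsmanager/admin/conf/httpd.pem", so it is unclear whether the step generates a new key (which is what the following sentence about a 2048-bit key without a pass-phrase describes) or signs the request with the key already in httpd.pem. State one form only and make the explanatory text after it match.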
STEP 2: Save and keep your new key because you will need it later.
STEP 3: Send the certrequest.csr
file to the CA authority of your choice (there are many vendors like GeoTrust, RapidSSL, Verisign, etc.).
STEP 4: Send the certrequest.csr
to to your CA authority and they will send back to you a new certificate. After you receive the certificate, copy it on your the server in your root directory. Let us assume that the certificate name is newcert.crt
.
STEP 3: Make a backup copy of the existing certificate.
Create a backup copy of the existing httpd.pem. If something goes wrong you can restore the certificate from backup:
Code Block |
---|
cp /etc/dnsmanager/certs/http.pem /etc/dnsmanager/certs/http.pem-bck |
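Review bot: the cp in the backup step creates http.pem-bck with root's default file mode, while the later step sets 640 on http.pem itself, and the install steps copy the private key into that same file. Use cp -p so the backup keeps the original's mode and owner. The sentence above the command also says httpd.pem while the command copies http.pem; the two names should agree.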
Install the New Certificate
The new http.pem
file contains the the primary certificate received from the CA Authority. If a intermediate certificate should be installed then it should be concatenated into the same file as the primary certificate.
The new.key
file contains the private key generated earlier.
STEP 1: Copy the key to the proper location and rename the key:
Code Block |
---|
cp /root/new.key /etc/dnsmanager/certs/http.pem |
(in this example, the certificate will be temporarily stored in /root/newcert.pem
).
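Review bot: cp /root/new.key leaves a second copy of the key in /root, and the text above says that key has no pass-phrase; no later step removes it or restricts its mode. Either move the file instead of copying it, or add a step that deletes /root/new.key once the restart has succeeded.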
STEP 5: Open the /usr/local/dnsmanager/admin/conf/httpd.pem
file with your favorite text editor (e.g. NotePad++, jEdit) and remove the lines starting with:
-----BEGIN CERTIFICATE-----
and ending with:
-----END CERTIFICATE-----
STEP 6: Copy the new certificate by executing the commandSTEP 2: Copy the certificate received from your CA authority into http.pem
file:
Code Block |
---|
cat /root/newcert.crtpem >> /etcusr/local/dnsmanager/certs/http.pem |
If an intermediate SSL certificate should be installed you have to make sure that is concatenated into the same file as the primary certificate.
Code Block |
---|
cat /root/intermediate_cert.crt >> /etc/dnsmanager/certs/httpadmin/conf/httpd.pem |
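Review bot: both cat targets are paths that no other step uses ("/etcusr/local/dnsmanager/certs/http.pem" and "/etc/dnsmanager/certs/httpadmin/conf/httpd.pem"), so the append would fail or write somewhere the server does not read. Correct them to the file named in the backup and chmod steps. Because ">>" appends, it is also worth adding a check before the restart that the file holds one key and that the certificate matches it, for example by comparing the output of openssl x509 -noout -modulus and openssl rsa -noout -modulus on that file.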
STEP 3: Change the permission and the ownership of the http.pem
file like this:
Code Block |
---|
chmod 640 /etc/dnsmanager/certs/http.pem
chown httpsa: /etc/dnsmanager/certs/http.pem |
Test Installation of New Certificate
Restart DNS Manager HTTP service 7: Restart 4PSA DNS Manager HTTP server using:
Code Block |
---|
/etc/init.d/dnsmanager restart |
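Review bot: the section is headed "Test Installation of New Certificate" but the only action is the restart. Add a check that the server now presents the new certificate (for example openssl s_client -connect <host>:<port> against the HTTP service, then comparing the subject and expiry dates), and point back to the http.pem-bck backup for the case where the service does not come up.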
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 4.0 International.