How to change my 4PSA DNS Manager HTTP server SSL certificate
This article describes how to change the digital certificate used by your 4PSA DNS Manager 3 (or later version) HTTP server.
Requirements
Before you start, make sure that the following requirements are met:
INFO
- You have a 4PSA DNS Manager version higher than 5.0.0 (e.g. 5.2.5)
- You have access and basic knowledge for using a SSH client (e.g.
Putty)
Step 1: Generate CSR and get certificate from CA
Generate an Elliptic Curve (EC) certificate signing request (CSR) and private key. Replace the values in the -subj parameter with your information:
Field descriptions:
C- Country code (2-letter ISO, e.g., US, GB, DE)ST- State or ProvinceL- City or LocalityO- Organization nameOU- Organizational Unit (department)CN- Common Name (FQDN/hostname, e.g., dns.example.com)emailAddress- Administrative contact email
Generate EC private key and CSR (one-liner):
bash
openssl ecparam -genkey -name prime256v1 -out /root/new.key && openssl req -new -key /root/new.key -out /root/certrequest.csr -subj "/C=US/ST=State/L=City/O=Company Name/OU=Organizational Unit/CN=hostname.example.com/emailAddress=admin@example.com"Next steps:
- Send
certrequest.csrto your CA and request an X.509 SSL/TLS EC certificate (typically a single-domain or wildcard certificate) - Copy the received certificate to
/root/newcert.crton your server - If your CA provides an intermediate certificate, save it as
/root/intermediate_cert.crt
Step 2: Install certificate
1. Backup existing certificate:
bash
cp /etc/dnsmanager/certs/http.pem /etc/dnsmanager/certs/http.pem.backup2. Install certificate (without intermediate certificate):
bash
cat /root/new.key /root/newcert.crt > /etc/dnsmanager/certs/http.pem
chmod 400 /etc/dnsmanager/certs/http.pem
chown dnsmanager:dnsmanager /etc/dnsmanager/certs/http.pemOr install certificate (with intermediate certificate):
bash
cat /root/new.key /root/newcert.crt /root/intermediate_cert.crt > /etc/dnsmanager/certs/http.pem
chmod 400 /etc/dnsmanager/certs/http.pem
chown dnsmanager:dnsmanager /etc/dnsmanager/certs/http.pem3. Verify permissions:
bash
ls -la /etc/dnsmanager/certs/http.pemThe output should show:
-r--------. 1 dnsmanager dnsmanager <size> <date> /etc/dnsmanager/certs/http.pemStep 3: Restart service
Restart 4PSA DNS Manager HTTP server:
bash
/etc/init.d/dnsmanager restartVerify the certificate installation using an SSL checker.