This article describes how to change the digital certificate used by your 4PSA DNS Manager 3 (or later version) HTTP server.

Requirements

Before you start, make sure that the following requirements are met:

  • You have a 4PSA DNS Manager version higher than 4.1 (e.g. 4.1.1)
  • You have access to an SSH client (e.g. PuTTY) and basic knowledge of how to use it

Change the Server's SSL Certificate

STEP 1: Generate private key and request certificate.

Log in as root using an SSH client, create a certificate request, and send it to your CA:

Code Block
openssl req -nodes -newkey rsa:2048 -keyout /root/new.key -out /root/certrequest.csr

This command generates a 2048-bit key file and then asks for basic information about the entity being certified. The private key file generated by the above command is not protected by a passphrase (the -nodes option writes it unencrypted).

Note

When you receive the message:

"Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:"

DO NOT SUBMIT ANY PASSWORD, just press enter.

STEP 2: Save and keep your new key because you will need it later. 

Send the certrequest.csr file to your CA, and they will send you back a new certificate. After you receive the certificate, copy it to the root directory on your server. Let us assume that the certificate file is named newcert.crt.

STEP 3: Make a backup copy of the existing certificate. 

Create a backup copy of the existing http.pem. If something goes wrong, you can restore the certificate from the backup:

Code Block
cp /etc/dnsmanager/certs/http.pem /etc/dnsmanager/certs/http.pem-bck

Install the New Certificate

The new http.pem file contains the primary certificate received from the CA. If an intermediate certificate has to be installed, it must be concatenated into the same file as the primary certificate.

The new.key file contains the private key generated earlier.

STEP 1: Copy the key to the proper location and rename the key: 

Code Block
cp /root/new.key /etc/dnsmanager/certs/http.pem

STEP 2: Append the certificate received from your CA to the http.pem file:

Code Block
cat /root/newcert.crt >> /etc/dnsmanager/certs/http.pem

If an intermediate SSL certificate has to be installed, make sure that it is concatenated into the same file, after the primary certificate.

Code Block
cat /root/intermediate_cert.crt >> /etc/dnsmanager/certs/http.pem

STEP 3: Change the permission and the ownership of the http.pem file like this:

Code Block
chmod 640 /etc/dnsmanager/certs/http.pem
chown httpsa: /etc/dnsmanager/certs/http.pem
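
Before restarting the service, the assembled http.pem can be checked for the mistakes this procedure makes possible: a key that does not belong to the certificate, a missing or duplicated key block, an expired certificate, or a file that is readable by everyone. The script below is an added example, not part of the original article or of 4PSA DNS Manager; the function name check_pem_bundle and its return codes are choices made for this example.

```shell
#!/bin/sh
# Added example: pre-restart check of a combined key + certificate PEM file.
# Return codes (a convention chosen for this example):
#   0 ok | 1 wrong or unparsable PEM blocks | 2 key/cert mismatch
#   3 certificate expired | 4 file is world-readable
check_pem_bundle() {
    pem=$1
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }

    # cp writes the key, then cat >> appends certificates: expect exactly one
    # private key block and at least one certificate block.
    keys=$(grep -c -e '-----BEGIN .*PRIVATE KEY-----' "$pem" || true)
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$pem" || true)
    if [ "$keys" -ne 1 ] || [ "$certs" -lt 1 ]; then
        echo "expected 1 private key and >=1 certificate, found $keys and $certs" >&2
        return 1
    fi

    # Public key derived from the private key (empty -passin: never prompt).
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null) ||
        { echo "private key does not parse" >&2; return 1; }
    # Public key of the first certificate, which must be the server certificate.
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) ||
        { echo "first certificate does not parse" >&2; return 1; }
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "private key does not match the first certificate" >&2; return 2; }

    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired" >&2; return 3; }

    # The file holds the private key, so it must not be readable by "other".
    [ -z "$(find "$pem" -perm -004)" ] ||
        { echo "$pem is world-readable" >&2; return 4; }

    echo "ok: $pem"
}

# Run directly as: sh check_pem.sh /etc/dnsmanager/certs/http.pem
if [ "$#" -gt 0 ]; then check_pem_bundle "$1"; fi
```

If the check fails, restore http.pem-bck and repeat the installation steps before restarting.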

Test Installation of New Certificate

Restart DNS Manager HTTP service using:

Code Block
/etc/init.d/dnsmanager restart

Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 4.0 International.