Replacing the SSL certificate of a cluster node

To replace the SSL certificate of a cluster node:

1. Log in over SSH to the management console of the node for which you want to replace the certificate.
2. Place the certificate file (cert.pem) and the private key file (key.pem) in the /root directory.
3. Change to the web server config files directory:

   cd /etc/nginx/ksmg

4. Create backup copies of the current certificate and private key:

   cp -p webapi.crt webapi.crt.backup

   cp -p webapi.key webapi.key.backup

5. Replace the contents of the certificate and private key files:

   cat /root/cert.pem > webapi.crt

   cat /root/key.pem > webapi.key

6. Set the owner of the certificate and access permissions of the private key:

   chown root:root webapi.crt

   chmod 644 webapi.crt

   chown kluser:root webapi.key

   chmod 600 webapi.key

7. Restart the nginx service:

   systemctl restart nginx

8. Check the status of the nginx service:

   systemctl status nginx

   The service must have the running status.

9. Open the web interface of the cluster node in the browser. If the certificate was successfully replaced, the insecure connection warning is not displayed.
10. If the replacement was successful, delete the original certificate and private key files from the /root directory:

    rm -f /root/cert.pem /root/key.pem

The SSL certificate of the cluster node is replaced. If you want to replace certificates on multiple cluster nodes, you must follow the step-by-step instruction on each of the nodes.