Replacing the SSL certificate of a cluster node

3 July 2024

ID 234129

To replace the SSL certificate of a cluster node:

  1. Log in over SSH to the management console of the node for which you want to replace the certificate.
  2. Place the certificate file (cert.pem) and the private key file (key.pem) in the /root directory.
  3. Change to the web server config files directory:

    cd /etc/nginx/ksmg

  4. Create backup copies of the current certificate and private key:

    cp -p webapi.crt webapi.crt.backup

    cp -p webapi.key webapi.key.backup

  5. Replace the contents of the certificate and private key files:

    cat /root/cert.pem > webapi.crt

    cat /root/key.pem > webapi.key

  6. Set the owner of the certificate and access permissions of the private key:

    chown root:root webapi.crt

    chmod 644 webapi.crt

    chown kluser:root webapi.key

    chmod 600 webapi.key

  7. Restart the nginx service:

    systemctl restart nginx

  8. Check the status of the nginx service:

    systemctl status nginx

    The service must have the running status.

  9. Open the web interface of the cluster node in the browser. If the certificate was successfully replaced, the insecure connection warning is not displayed.
  10. If the replacement was successful, delete the original certificate and private key files from the /root directory:

    rm -f /root/cert.pem /root/key.pem

The SSL certificate of the cluster node is replaced. If you want to replace certificates on multiple cluster nodes, you must follow the step-by-step instruction on each of the nodes.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.