Log in Nodegrid as root:
ssh root@<Nodegrid_IP>
Change directory to /etc/CA:
cd /etc/CA
Create a RSA key:
openssl genrsa -out key.pem.new 2048
Create a Certificate Signing Request:
openssl req -new -sha256 -key key.pem.new -out csr.pem
Make sure the files have the right permissions:
chmod 0640 *.new
Sign the Certificate Signing Request:
Send the Certificate Signing Request domain.csr to a Certificate Authority to be signed.
The Certificate Authority will sign the CSR and send you a certificate in PEM format.
Install the Signed Certificate
Copy the signed certificate received from the Certificate Authority to Nodegrid:
scp <certificate> root@<Nodegrid_IP>:/etc/CA/cert.pem.new
If the CSR was generated off-box, copy the private key to the Nodegrid:
If encrypted private key, contents will show: -----BEGIN ENCRYPTED PRIVATE KEY-----
scp <private key> root@<Nodegrid_IP>:/etc/CA/key-ENCR.pem.new
If non-encrypted private key, contents will show: -----BEGIN PRIVATE KEY-----
scp <private key> root@<Nodegrid_IP>:/etc/CA/key.pem.new
Log in Nodegrid as root:
ssh root@<Nodegrid_IP>
Change directory to /etc/CA:
cd /etc/CA
Back up the original key and certificate:
cp key.pem key.pem.old
cp cert.pem cert.pem.old
cp key_cert.pem key_cert.pem.old
If the private key was encrypted, decrypt it using its pass phrase before installing:
openssl rsa -in key-ENCR.pem.new -out key.pem.new
Install the new key and certificate:
mv key.pem.new key.pem
mv cert.pem.new cert.pem
cat key.pem cert.pem > key_cert.pem
Make sure the files have the right permissions:
chmod 0640 key_cert.pem
chmod 0644 cert.pem
Restart apache
apachectl graceful