Install an X.509 Certificate from a Certificate Signing Request using OpenSSL
- For systems running Nodegrid OS v6.0.2 and newer, we recommend using the UI to install certificates: Apply HTTPS certificate in Nodegrid.
- For older Nodegrid OS versions, use openssl via the root shell to install certificates:
Generate a Certificate Signing Request
Note: CSRs can be generated off-box. It is critical to retain a copy of the original private key to copy onto the Nodegrid appliance after the certificate is signed. If it is encrypted, be sure to note the pass phrase as well.
Log in to Nodegrid as root:
ssh root@<Nodegrid_IP>
Change directory to /etc/CA:
cd /etc/CA
Create an RSA key:
openssl genrsa -out key.pem.new 2048
Create a Certificate Signing Request:
openssl req -new -sha256 -key key.pem.new -out csr.pem
Make sure the files have the right permissions:
chmod 0640 *.new
Sign the Certificate Signing Request:
Send the Certificate Signing Request csr.pem to a Certificate Authority to be signed.
The Certificate Authority will sign the CSR and send you a certificate in PEM format.
Install the Signed Certificate
Copy the signed certificate received from the Certificate Authority to Nodegrid:
scp <certificate> root@<Nodegrid_IP>:/etc/CA/cert.pem.new
If the CSR was generated off-box, copy the private key to Nodegrid:
If the private key is encrypted, its contents will show: -----BEGIN ENCRYPTED PRIVATE KEY-----
scp <private key> root@<Nodegrid_IP>:/etc/CA/key-ENCR.pem.new
If the private key is not encrypted, its contents will show: -----BEGIN PRIVATE KEY-----
scp <private key> root@<Nodegrid_IP>:/etc/CA/key.pem.new
Log in to Nodegrid as root:
ssh root@<Nodegrid_IP>
Change directory to /etc/CA:
cd /etc/CA
Back up the original key and certificate:
cp key.pem key.pem.old
cp cert.pem cert.pem.old
cp key_cert.pem key_cert.pem.old
If the private key was encrypted, decrypt it using its pass phrase before installing:
openssl rsa -in key-ENCR.pem.new -out key.pem.new
Install the new key and certificate:
mv key.pem.new key.pem
mv cert.pem.new cert.pem
cat key.pem cert.pem > key_cert.pem
Make sure the files have the right permissions:
chmod 0640 key_cert.pem
chmod 0644 cert.pem
Restart Apache:
apachectl graceful
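Before the "Install the new key and certificate" step, it is worth confirming that the staged certificate belongs to the staged private key, that the key is no longer encrypted, and that the certificate has not expired. The shell function below is an added example, not part of the original article and not a Nodegrid tool; the name check_staged_pair is hypothetical, and it assumes the staged file names used in the steps above.

```shell
#!/bin/sh
# Added example (not a Nodegrid tool): pre-install check for the staged files.
# check_staged_pair is a hypothetical name; the paths are the ones used above.
# Return codes: 0 ok, 2 key still encrypted, 3 unreadable file,
#               4 certificate does not belong to key, 5 certificate expired.
check_staged_pair() {
    key=$1
    cert=$2

    # An encrypted key has to go through the decrypt step first.
    if grep -q 'ENCRYPTED' "$key" 2>/dev/null; then
        echo "key is still encrypted: $key" >&2
        return 2
    fi

    # Extract the public key from each file in the same PEM form.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot parse private key: $key" >&2; return 3; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $cert" >&2; return 3; }

    # The pair is only usable if both carry the same public key.
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "certificate does not match private key" >&2
        return 4
    fi

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired: $cert" >&2
        return 5
    fi
    return 0
}

# Usage on the appliance, from /etc/CA, before the mv commands:
#   check_staged_pair key.pem.new cert.pem.new && echo "staged pair OK"
```

A non-zero result means the mv commands should not be run yet; the existing key.pem, cert.pem and key_cert.pem stay in service until the staged pair passes.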