How to change or update the expired Nexthink Web Console Certificate of the Appliance?
This is a workaround for the default Nexthink certificate, only when it is expired. Ideally, the certificates should be updated with the Appliance upgrade.
Note: Rather than relying on a self-signed certificate, it is highly recommended to obtain a certificate from a globally trusted publisher or an internal trusted certificate authority (CA).
The steps below apply to the Nexthink Web Console certificate only.
The following will create the certificate and key. Make sure to put the appropriate entries in the
CN= is the hostname/DNS/FQDN of the appliance for which the certificate is issued.
openssl req -newkey rsa:4096 \
    -x509 \
    -sha256 \
    -days 3650 \
    -nodes \
    -out webconsole.crt \
    -keyout webconsole.key \
    -subj "/C=US/ST=Texas/L=Houston/O=Security/OU=IT Department/CN=nexthink.appliance.name"
Check if the generated certificate is correct
openssl x509 -text -in webconsole.crt
.keyfiles in a
cat /home/nexthink/webconsole.crt /home/nexthink/webconsole.key > /home/nexthink/certificate.pem
Perform a sanity check on the result
openssl x509 -in /home/nexthink/certificate.pem -serial -issuer -subject -startdate -enddate -noout
Make a backup of the old/existing Web Console certificate
sudo cp /var/nexthink/console/etc/certificate.pem /var/nexthink/console/etc/certificate.old_$(date +"%Y%m%dT%H%M")
Stop the Web Console service before replacing the certificate
sudo systemctl stop nxconsole
Move the new certificate to
sudo mv /home/nexthink/certificate.pem /var/nexthink/console/etc/
Set the correct ownership and file permissions
sudo chown root:root /var/nexthink/console/etc/certificate.pem
sudo chmod 644 /var/nexthink/console/etc/certificate.pem
Restart the web console service to reflect the changes
sudo systemctl start nxconsole
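
The sanity check in the procedure above prints the certificate fields but does not confirm that the key concatenated into certificate.pem belongs to that certificate. The following function is an added example, not part of the Nexthink procedure or tooling; the name check_console_pem, its return codes and the 30-day default are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the combined certificate.pem.
# check_console_pem and the 30-day default are assumptions, not Nexthink tooling.
#
# Return codes: 0 ok, 2 unreadable file, 3 no certificate, 4 no private key,
#               5 key does not match certificate, 6 expires within MIN_DAYS.
check_console_pem() {
    pem=$1
    min_days=${2:-30}

    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # Public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) ||
        { echo "$pem: no certificate found" >&2; return 3; }

    # Public key derived from the private key in the same file.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) ||
        { echo "$pem: no private key found" >&2; return 4; }

    # A cat of the wrong .crt/.key pair shows up here.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "$pem: private key does not match certificate" >&2; return 5; }

    # -checkend takes seconds and exits non-zero if the cert expires in that window.
    openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "$pem: certificate expires within $min_days days" >&2; return 6; }

    echo "$pem: certificate and key match, valid for at least $min_days more days"
}
```

Run `check_console_pem /home/nexthink/certificate.pem` before the nxconsole stop step and continue only on exit status 0. The combined file carries the unencrypted private key (generated with -nodes), so the leftover webconsole.key should not stay in /home/nexthink afterwards.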