How to update expired Nexthink Webconsole Certificate
Question:
How to change or update the expired Nexthink Web Console Certificate of the Appliance?
Answer:
This is a workaround for the default Nexthink certificate, only when it is expired. Ideally, the certificates should be updated with the Appliance upgrade.
Note: For the self-signed certificate, it is highly recommended to create a certificate from the Globally Trusted Publisher or an internal trusted certificate authority (CA).
Steps:
Below steps applied for the Nexthink Web Console certificate only.
The following will create the certificate and key. Make sure to put the appropriate entries in the
-subj
field.
CN= will be the hostname/DNS/FQDN of the appliance, where the certificate will be issued.openssl req -newkey rsa:4096 \ -x509 \ -sha256 \ -days 3650 \ -nodes \ -out webconsole.crt \ -keyout webconsole.key \ -subj "/C=US/ST=Texas/L=Houston/O=Security/OU=IT Department/CN=nexthink.appliance.name"
CODECheck if the generated certificate is correct
openssl x509 -text -in webconsole.crt
CODEConcatenate the
.crt
and the.key
files in a.pem
filecat /home/nexthink/webconsole.crt /home/nexthink/webconsole.key > /home/nexthink/certificate.pem
CODEPerform a sanity check on the result
openssl x509 -in /home/nexthink/certificate.pem -serial -issuer -subject -startdate -enddate -noout
CODEMake a backup of the old/existing Web Console certificate
sudo cp /var/nexthink/console/etc/certificate.pem /var/nexthink/console/etc/certificate.old_$(date +"%Y%m%dT%H%M")
CODERestart the Web Console service to reflect the changes
sudo systemctl stop nxconsole
CODEMove the new certificate to
/var/nexthink/console/etc/
sudo mv /home/nexthink/certificate.pem /var/nexthink/console/etc/
CODESet the correct ownership and file permissions
sudo chown root:root /var/nexthink/console/etc/certificate.pem
CODEsudo chmod 644 /var/nexthink/console/etc/certificate.pem
CODERestart the web console service to reflect the changes
sudo systemctl start nxconsole
NONEExample:
