How to update expired Nexthink Webconsole Certificate
Question:
How to change or update the expired Nexthink Web Console Certificate of the Appliance?
Answer:
This is a workaround for the default Nexthink certificate, only when it is expired. Ideally, the certificates should be updated with the Appliance upgrade.
Note: For the self-signed certificate, it is highly recommended to create a certificate from the Globally Trusted Publisher or an internal trusted certificate authority (CA).
Steps:
Below steps applied for the Nexthink Web Console certificate only.
The following will create the certificate and key. Make sure to put the appropriate entries in the
-subjfield.
CN= will be the hostname/DNS/FQDN of the appliance, where the certificate will be issued.openssl req -newkey rsa:4096 \ -x509 \ -sha256 \ -days 3650 \ -nodes \ -out webconsole.crt \ -keyout webconsole.key \ -subj "/C=US/ST=Texas/L=Houston/O=Security/OU=IT Department/CN=nexthink.appliance.name"CODECheck if the generated certificate is correct
openssl x509 -text -in webconsole.crtCODEConcatenate the
.crtand the.keyfiles in a.pemfilecat /home/nexthink/webconsole.crt /home/nexthink/webconsole.key > /home/nexthink/certificate.pemCODEPerform a sanity check on the result
openssl x509 -in /home/nexthink/certificate.pem -serial -issuer -subject -startdate -enddate -nooutCODEMake a backup of the old/existing Web Console certificate
sudo cp /var/nexthink/console/etc/certificate.pem /var/nexthink/console/etc/certificate.old_$(date +"%Y%m%dT%H%M")CODERestart the Web Console service to reflect the changes
sudo systemctl stop nxconsoleCODEMove the new certificate to
/var/nexthink/console/etc/sudo mv /home/nexthink/certificate.pem /var/nexthink/console/etc/CODESet the correct ownership and file permissions
sudo chown root:root /var/nexthink/console/etc/certificate.pemCODEsudo chmod 644 /var/nexthink/console/etc/certificate.pemCODERestart the web console service to reflect the changes
sudo systemctl start nxconsoleNONEExample:
