Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Renew SSL Certificates for NorthStar Web UI

NorthStar generates SSL certificates during installation. You can renew or replace these SSL certificates generated during installation with the trusted certificates issued or approved by the information technology department in your organization. This topic describes how to replace the SSL certificates for web processes.

The SSL certificate files cert.pem and key.pem are located at /opt/northstar/web/certs/. Both these certificates are in X.509 format and you must restart the web process after you replace the files.

For internal server communications to happen seamlessly, the servers must have valid security certificates installed. However, these certificates do not affect the web processes, and needs to be replaced or renewed only if your security team needs you to do so.

SSL certificates for individual servers are located in these locations:

  • Health Monitor—/opt/northstar/healthMonitor/certs

  • ES Proxy—/opt/northstar/esauthproxy/certs

  • Web Health—/opt/northstar/web/routes/v1/health/certs

  • SNMP Collection—/opt/northstar/snmp-collector/conf

To replace the SSL certificates for NorthStar web UI:

  1. Establish an SSH connection to device on which NorthStar is installed.
  2. Navigate to /opt/northstar/web/.

  3. Locate the folder named certs. The trusted SSL certificates are stored in this folder.

    • cert.pem—Certificate file

    • key.pem—Key used to generate the certificate.

  4. Verify expiration date of the current SSL certificates.
  5. Run the following command to view the contents of the certificate file:
  6. Copy the new certificate files and back up the existing certificate files. You can use the backed up certificate files to restore them later in case you face any issue.
    Note:

    The names of the certificate files must be cert.pem and key.pem, respectively.

  7. (Optional) Verify the status of the severs and web processes.
  8. Restart the web processes for the changes to take effect.
  9. Verify that the severs and web processes are running after the restart.

    The certificates have been successfully renewed and web services restarted. You can now verify the certificate information from your web browser.

Note:

NorthStar overwrites any user-defined certificates during an upgrade. You need to replace the certificates again after an upgrade.