This article describes how to install UNMS using another certificate, other than the default LetsEncrypt option found in UNMS.
Table of Contents
Prepare the Certificate
NOTE: A GoDaddy wildcard SSL certificate was used as an example for this article. It was delivered in .crt format and exported to .pfx files using Microsoft's "certificates" snap-in with MMC.
Create ".pem" versions of the public key full chain and the private key:
1. Install OpenSSL on the Windows desktop if not already installed.
2. Copy the full chain .pfx to the computer, eg. to C:\Program Files\OpenSSL-Win64\bin\
3. Open a command prompt and go to the folder used in the step above, and run:
openssl pkcs12 -in your-new-full-chain.pfx -nocerts -out privatekey.pem -nodes
openssl pkcs12 -in your-new-full-chain.pfx -nokeys -out public-cert.pem -nodes
4. Both times, you are prompted for the SSL certificate encryption password. You provided this when you made the PFX. This produces two files: 'privatekey.pem' and 'public-cert.pem'.
ATTENTION: Be VERY CAREFUL with the privatekey.pem file. Do not leave a copy of this file anywhere it can be easily reached.
5. Copy these files to the UNMS server in the /etc/certificates directory (it is possible to use programs like WinSCP or similar to move the files).
Delete the Old Certificate
Run these commands to remove the old data:
sudo chmod a+rwx cert
sudo chmod a-rwx cert
sudo chmod u+rw cert
At this point, it is necessary to reinstall UNMS by running again the installation script with this command:
curl -fsSL https://unms.com/v1/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh --ssl-cert-dir /etc/certificates --ssl-cert put-the-name-of-fullchain.pem --ssl-cert-key put-name-of-privkey.pem
IMPORTANT: Please note that it is vital to include any optional installation tags that were potentially used in the previous installation.