UNMS - How to Install a Non-Default SSL Certificate


Overview


This article describes how to install UNMS using another certificate, other than the default LetsEncrypt option found in UNMS.


Table of Contents


  1. Prepare the Certificate
  2. Delete the Old Certificate
  3. Reinstall UNMS
  4. Related Articles

Prepare the Certificate


Back to Top

NOTE: A GoDaddy wildcard SSL certificate was used as an example for this article. It was delivered in .crt format and exported to .pfx files using Microsoft's "certificates" snap-in with MMC.

Create ".pem" versions of the public key full chain and the private key:

1. Install OpenSSL on the Windows desktop if not already installed.

2. Copy the full chain .pfx to the computer, eg. to C:\Program Files\OpenSSL-Win64\bin\

3. Open a command prompt and go to the folder used in the step above, and run:

openssl pkcs12 -in your-new-full-chain.pfx -nocerts -out privatekey.pem -nodes
openssl pkcs12 -in your-new-full-chain.pfx -nokeys -out public-cert.pem -nodes

4. Both times, you are prompted for the SSL certificate encryption password. You provided this when you made the PFX. This produces two files: 'privatekey.pem' and 'public-cert.pem'.

ATTENTION: Be VERY CAREFUL with the privatekey.pem file. Do not leave a copy of this file anywhere it can be easily reached. 

5. Copy these files to the UNMS server in the /etc/certificates directory (it is possible to use programs like WinSCP or similar to move the files).


Delete the Old Certificate


Back to Top

Run these commands to remove the old data:

cd /home/unms/data
sudo chmod a+rwx cert
cd cert
rm live.*
rm custom.*
cd ..
sudo chmod a-rwx cert
sudo chmod u+rw cert

Reinstall UNMS


Back to Top

At this point, it is necessary to reinstall UNMS by running again the installation script with this command:

curl -fsSL https://unms.com/v1/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh --ssl-cert-dir /etc/certificates --ssl-cert put-the-name-of-fullchain.pem --ssl-cert-key put-name-of-privkey.pem
IMPORTANT: Please note that it is vital to include any optional installation tags that were potentially used in the previous installation.

Related Articles


Back to Top

UNMS - Optional Installation Steps


We're sorry to hear that!