HowTo Regenerate The TLS (SSL) Certificate For The NST WUI

From NST Wiki
Revision as of 07:27, 22 November 2019 by Rwh (talk | contribs) (Stricter Trusted Certificate Security Requirements)
Jump to navigationJump to search

Overview

This page demonstrates how to regenerate the TLS (Deprecated predecessor: SSL) self-signing certificate for the NST WUI.

nstcert

The process of generating an TLS key and certificate files and then making use of them in a Apache® configuration file can be a time consuming process. The "nstcert" script attempts to automate part of the process by generating template files for use within the Apache® httpd daemon. The script also generates a PEM (Privacy-enhanced Electronic Mail) file.

Generate a new TLS Certificate for the NST WUI

If one needs to generate a new self-signing TLS certificate for NST WUI usage, the following help script: "/usr/libexec/nstwui-ssl-gencerts" may be utilized. It uses the nstcert script described above in combination with the configuration file: "/etc/nst/wui/nstcert.conf". Edit this file to suit your needs. 

sudo /usr/libexec/nstwui-ssl-gencerts -r

The "-r" option is necessary to remove the previous TLS certificate.

Stricter Trusted Certificate Security Requirements

Note: One may need to generate a new TLS certificate for the NST WUI do to stricter trusted security requirements (E.g., Requirements for trusted certificates).
Retrieved from "https://wiki.networksecuritytoolkit.org/nstwiki/index.php?title=HowTo_Regenerate_The_TLS_(SSL)_Certificate_For_The_NST_WUI&oldid=9321"