This is a how-to for Renew the NovaStor DC Command Server SSL certificate, which is installed on the Command Server 8.x for Linux, utilized by the WebGUI, and to communicate to the client nodes.
The SSL certificate that is stored on the Command Server machine is generated with a validity length of 90 days. If you were to install the Command Server on June 1, 2020, then it will be valid until September 1, 2020, and beyond that date that it will be in the expired state, and will require renewal. If the certificate validity is expired it will just require you to ignore the extra initial cert invalid warning when accessing the WebGUI via web browser. The SSL certificate renewal process is currently a manual process that you will need to perform from your Command Server machine directly.
Steps for Linux based Command Server 8.x:
- Start an SSH session or a shell session in Linux as a user that has sudo access (check by using command: 'sudo -i' after logging in, if it says you do not have sudo rights then choose a different user to login as and try this again), or login as root.
- Type: cd /opt/NovaStor/DataCenter/etc/central_scripts
- Note: If you utilized a different installation folder for Command Server for Linux then you will need to specify that path to cd to. If you are unable to cd to the '/etc/central_scripts' sub-folder then it means that your user does not have access to the folder, perhaps due to folder permissions. You will either need to perform a 'sudo -i' command to have su access, or login as root as described in Step 1.
- Type: sudo ./renew_cert.sh
- Note: If you get an error to do with the user does not have sudo rights, then login with a user that does have sudo access, or as root and re-try all of the steps.
- Make sure that the last output of the command is displayed as: "Certificate was added to keystore".
Now clear all of the web browser's cache/cookies that access the Command Server's WebGUI website. Attempt to access the WebGUI URL from those web browsers once more to verify the SSL certificate's validity dates. It should have provided you with 90 more days of validity from today's date.