# Appendix G - Securing Default Certificates on N2W Server

{% hint style="warning" %}
*None* of the following procedures should be attempted when Backups/DR/Cleaning/S3 Copy are running. Linux Knowledge is required.
{% endhint %}

The N2W server comes with a default self-signed HTTPS certificate that will show as ‘Not Secure’ in the browser. You can secure the certificate and reach the UI by either:

* Selecting the **Advanced** button in the ‘Your  connection is not private” message, or
* Adding an exception to the browser. See the Appendix B screenshot in the *N2W Quick Start Guide* at <https://docs.n2ws.com/quick-start/appendix-b-adding-exception-for-default-browser>

If you purchased an HTTPS certificate from a certificate authority, you can replace the default certificate with the new one as follows:

1. Connect to the N2W instance over SSH.
2. Use ‘`sudo`’ to reach the certificate folder, keeping the ownership and permissions of the files (‘`cp`’).
3. Go to `/opt/n2wsoftware/cert`

```
cd /opt/n2wsoftwar/cert
```

&#x20; 4\.  In the folder, replace `cpm_server.crt` and `cpm_server.key` with new files having the same names.

&#x20; 5\.  If you are using MobaXterm, you can drag/drop files to the SSH session, and then copy the files to the correct folder.

&#x20; 6\.  After replacing the files, restart Apache: **`sudo`**` ``service apache2 restart`

For full details, see: <https://n2ws.zendesk.com/hc/en-us/articles/28828504792605-How-to-change-the-SSL-certificate-and-key-used-by-N2WS-Server>

**To test the certificate before deploying to production:**&#x20;

The user can launch a new N2W trial instance to see if the new certificate works there.

**If there are any issues**, you can restore/recreate the original default certificate as follows:

{% hint style="warning" %}
Only perform these steps if you know how to use SSH and Linux commands.
{% endhint %}

1. Connect to the N2W instance over SSH using a tool such as PuTTY or MobaXterm.
2. Use ‘`sudo`’ to reach the certificate folder, keeping the ownership and permissions of the files:     **sudo** su
3. Go to `/opt/n2wsoftware/cert`:&#x20;

```
cd /opt/n2wsoftwar/cert
```

&#x20; 4\.  Move the existing `.crt` and `.key` files to a new name:

```
mv cpm_server.crt backup_cpm_server.crt
mv cpm_server.key backup_cpm_server.key
```

&#x20; 5\.  Stop/Start the instance.

For full details, see: <https://n2ws.zendesk.com/hc/en-us/articles/28855498398749-How-to-restore-recreate-the-default-server-certificate>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.n2ws.com/user-guide/appendix-g-securing-default-certificates-on-n2w-server.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.