# Appendix G - Securing Default Certificates on N2W Server

{% hint style="warning" %}
*None* of the following procedures should be attempted when Backups/DR/Cleaning/S3 Copy are running. Linux Knowledge is required.
{% endhint %}

The N2W server comes with a default self-signed HTTPS certificate that will show as ‘Not Secure’ in the browser. You can secure the certificate and reach the UI by either:

* Selecting the **Advanced** button in the ‘Your  connection is not private” message, or
* Adding an exception to the browser. See the Appendix B screenshot in the *N2W Quick Start Guide* at <https://docs.n2ws.com/quick-start/appendix-b-adding-exception-for-default-browser>

If you purchased an HTTPS certificate from a certificate authority, you can replace the default certificate with the new one as follows:

1. Connect to the N2W instance over SSH.
2. Use ‘`sudo`’ to reach the certificate folder, keeping the ownership and permissions of the files (‘`cp`’).
3. Go to `/opt/n2wsoftware/cert`

```
cd /opt/n2wsoftwar/cert
```

&#x20; 4\.  In the folder, replace `cpm_server.crt` and `cpm_server.key` with new files having the same names.

&#x20; 5\.  If you are using MobaXterm, you can drag/drop files to the SSH session, and then copy the files to the correct folder.

&#x20; 6\.  After replacing the files, restart Apache: **`sudo`**` ``service apache2 restart`

For full details, see: <https://n2ws.zendesk.com/hc/en-us/articles/28828504792605-How-to-change-the-SSL-certificate-and-key-used-by-N2WS-Server>

**To test the certificate before deploying to production:**&#x20;

The user can launch a new N2W trial instance to see if the new certificate works there.

**If there are any issues**, you can restore/recreate the original default certificate as follows:

{% hint style="warning" %}
Only perform these steps if you know how to use SSH and Linux commands.
{% endhint %}

1. Connect to the N2W instance over SSH using a tool such as PuTTY or MobaXterm.
2. Use ‘`sudo`’ to reach the certificate folder, keeping the ownership and permissions of the files:     **sudo** su
3. Go to `/opt/n2wsoftware/cert`:&#x20;

```
cd /opt/n2wsoftwar/cert
```

&#x20; 4\.  Move the existing `.crt` and `.key` files to a new name:

```
mv cpm_server.crt backup_cpm_server.crt
mv cpm_server.key backup_cpm_server.key
```

&#x20; 5\.  Stop/Start the instance.

For full details, see: <https://n2ws.zendesk.com/hc/en-us/articles/28855498398749-How-to-restore-recreate-the-default-server-certificate>