Appendix G - Securing Default Certificates on N2WS Server

The N2WS server comes with a default self-signed HTTPS certificate that will show as ‘Not Secure’ in the browser. You can secure the certificate and reach the UI by either:

• Selecting the Advanced button in the ‘Your connection is not private” message, or

• Adding an exception to the browser. See the Appendix B screenshot in the N2WS Quick Start Guide at https://docs.n2ws.com/quick-start/appendix-b-adding-exception-for-default-browser

If you purchased an HTTPS certificate from a certificate authority, you can replace the default certificate with the new one as follows:

1. Connect to the N2WS instance over SSH.

2. Use ‘sudo’ to reach the certificate folder, keeping the ownership and permissions of the files (‘cp’).

3. Go to /opt/n2wsoftware/cert

cd /opt/n2wsoftwar/cert

4. In the folder, replace cpm_server.crt and cpm_server.key with new files having the same names.

5. If you are using MobaXterm, you can drag/drop files to the SSH session, and then copy the files to the correct folder.

6. After replacing the files, restart Apache: sudo service apache2 restart

For full details, see

https://support.n2ws.com/portal/en/kb/articles/how-to-change-the-certificat-and-key-used-by-cpm

To test the certificate before deploying to production:

The user can launch a new N2WS trial instance to see if the new certificate works there.

If there are any issues, you can restore/recreate the original default certificate as follows:

1. Connect to the N2WS instance over SSH using a tool such as PuTTY or MobaXterm.

2. Use ‘sudo’ to reach the certificate folder, keeping the ownership and permissions of the files: sudo su

3. Go to /opt/n2wsoftware/cert:

cd /opt/n2wsoftwar/cert

4. Move the existing .crt and .key files to a new name:

mv cpm_server.crt backup_cpm_server.crt
mv cpm_server.key backup_cpm_server.key

5. Stop/Start the instance.

For full details, see https://support.n2ws.com/portal/en/kb/articles/how-to-restore-recreate-the-default-server-certificate