Updating SSL certificates (on-prem installations)

The certificate bundle is issued by your certificate authority in a .zip file format consisting of several .csr files, these files in addition with the private key & CSR generated before the purchase of a certificate are needed to complete installation of the SSL certificate onto the server.

RSpace uses Apache Web Server to handle HTTPS connections before they are passed on to the RSpace application, so SSL configuration is handled by Apache (the apache2 package on Ubuntu).

As a base you’ll have 3 files from your certificate authority

  • .key file – This will contain our private key generated before the certificate purchase
  • .csr certificate – This is your actual SSL certificate
  • CA_bundle – This is the root signing certificate

You’ll need to transfer these files to your server. By default SSL certificates are kept in the /etc/apache2/ssl/ directory so that’s where your new certificates should go.

The new SSL certificates can be transfered to your server in many ways depending on your server configuration. This may include a file transfer or other options. Consult your IT team on the best way to transfer your certificates to your on-prem server

Once your certificate files are copied to the /etc/apache2/ssl/ directory, you need to edit the Apache configuration file, this is so Apache knows to use the updated certificates.

Navigate to your Apache configuration located in the /etc/apache2/sites-enabled/ directory. The file will be called something along the lines of rspace.conf or rspace-standalone.conf, you can go ahead and make a copy of that file as a backup and then open our config file with a text editor like nano or vim.

You’ll already have the SSL configuration details in this file, because you're only updating the SSL certificate and not setting up SSL for the first time. Inside of this configuration file you’re only really interested in a few lines, specifically inside the <VirtualHost *:443> area.

For the purposes of this doc, our old certificates are named "docs-demo" and our new certificates are named "new-docs-demo"

There are 3 lines you need to edit to reflect the newly copied certificates 👇

SSLCertificateFile /etc/apache2/ssl/docs-demo.researchspace.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/docs-demo-researchspace.key
SSLCertificateChainFile /etc/apache2/ssl/docs-demo-gd_bundle-g2-g1.crt

You need to change these 3 paths to point to the new certificates, so in my case I’ll change them to 👇

SSLCertificateFile /etc/apache2/ssl/new-docs-demo.researchspace.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/new-docs-demo-researchspace.key
SSLCertificateChainFile /etc/apache2/ssl/new-docs-demo-gd_bundle-g2-g1.crt

It is essential to ensure that the tab formatting in your config file stays the same, your config file should look like the image below:

Once you've done that, Apache will know to use the new certificates. You can save our updated configuration file and return back to the terminal.

You now need to run just two more commands:

  1. Run the command apachectl configtest – This tests our configuration file to ensure the formatting has been kept correct
  2. Run the command sudo systemctl restart apache2 – This restarts the Apache service, since the service needs to be restarted for configuration changes to take effect.
If you get an error message such as a syntax error or failure to restart the service after running any of the 2 commands above, it's likely that the formatting on the config file has been modified in a way Apache doesn't like. Check your .conf file and ensure all formatting is correct.

Once the service has restarted your server will use the updated SSL certificates and you've successfully updated the SSL certificates on your RSpace server!

If you encounter any issues or require further information then you're always welcome to contact RSpace support.

How did we do?

Powered by HelpDocs (opens in a new tab)