Updating SSL certificates (on-prem installations)
The certificate bundle is issued by your certificate authority in a .zip file format consisting of several .csr files, these files in addition with the private key & CSR generated before the purchase of a certificate are needed to complete installation of the SSL certificate onto the server.
RSpace uses Apache Web Server to handle HTTPS connections before they are passed on to the RSpace application, so SSL configuration is handled by Apache (the apache2 package on Ubuntu).
As a base you’ll have 3 files from your certificate authority
- .key file – This will contain our private key generated before the certificate purchase
- .csr certificate – This is your actual SSL certificate
- CA_bundle – This is the root signing certificate
You’ll need to transfer these files to your server. By default SSL certificates are kept in the /etc/apache2/ssl/ directory so that’s where your new certificates should go.
Once your certificate files are copied to the /etc/apache2/ssl/ directory, you need to edit the Apache configuration file, this is so Apache knows to use the updated certificates.
Navigate to your Apache configuration located in the /etc/apache2/sites-enabled/ directory. The file will be called something along the lines of rspace.conf or rspace-standalone.conf, you can go ahead and make a copy of that file as a backup and then open our config file with a text editor like nano or vim.
You’ll already have the SSL configuration details in this file, because you're only updating the SSL certificate and not setting up SSL for the first time. Inside of this configuration file you’re only really interested in a few lines, specifically inside the <VirtualHost *:443> area.
There are 3 lines you need to edit to reflect the newly copied certificates 👇
You need to change these 3 paths to point to the new certificates, so in my case I’ll change them to 👇
It is essential to ensure that the tab formatting in your config file stays the same, your config file should look like the image below:
Once you've done that, Apache will know to use the new certificates. You can save our updated configuration file and return back to the terminal.
You now need to run just two more commands:
- Run the command apachectl configtest – This tests our configuration file to ensure the formatting has been kept correct
- Run the command sudo systemctl restart apache2 – This restarts the Apache service, since the service needs to be restarted for configuration changes to take effect.
Once the service has restarted your server will use the updated SSL certificates and you've successfully updated the SSL certificates on your RSpace server!
If you encounter any issues or require further information then you're always welcome to contact RSpace support.