Enapter Gateway Custom HTTPS Certificates

Note

These instructions assume you have some knowledge of the Linux shell, can use a console text editor, and know what you are doing.

During its first boot, the Enapter Gateway automatically generates self-signed certificates. This setup secures access to the Gateway Web UI and REST API.

While self-signed certificates are sufficient in many cases, using your own HTTPS certificates can prevent browser alerts about untrusted certificates.

To replace the self-signed certificates, you first need to access the Gateway either via SSH or the Run Terminal command from Enapter Cloud.

Applying Custom HTTPS certificate

The default HTTPS certificates are located in the user data filesystem at: /user/etc/enapter/certs/cert.pem for the certificate and /user/etc/enapter/certs/certkey.pem for the private key.

You can edit these files using Vim or Nano, which are console text editors:

sudo vi /user/etc/enapter/certs/cert.pem
sudo vi /user/etc/enapter/certs/certkey.pem

# or

sudo nano /user/etc/enapter/certs/cert.pem
sudo nano /user/etc/enapter/certs/certkey.pem

After you've made the desired changes, run the following command to verify that the certificates are correct and can be utilized by the web server:

sudo nginx -t

You should see:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If you encounter any errors, consider using a different set of certificates. If nothing resolves the issue, you can delete the certificate files. They will be regenerated from scratch upon the next reboot:

# sudo rm /user/etc/enapter/certs/cert.pem
# sudo rm /user/etc/enapter/certs/certkey.pem
# sudo reboot

If the configuration test finishes successfully, you need to apply the new settings by executing the following command:

sudo nginx -s reload

This command reloads the web server config, applying the changes you made to the certificates.