When you run nems-init NEMS generates your SSL certificates. However, if you ever want to update your certs, you definitely don't want to run nems-init again - that'd wipe out your configuration.
So nems-cert has you covered.
This will take you through the certificate creation process once again, generate your certificates and certificate authority, install them, and restart the services which use them.
If you generate a new certificate for NEMS you may need to delete the old one from your browser and restart, and then create a new exception for the self-signed certificate.
nems-cert temporarily uses Debian Snakeoil certificates - so all the information covered in this doc (other than how to run the program) is irrelevant at present. For now, when you run nems-cert, it will just do its thing with no user input. This is to resolve an issue with Windows 10 users unable to connect to their NEMS 1.3 server. A fix will be issued in future bringing back the nems-cert interface.
Do you want to create a certificate quickly? The Generic Settings option allows you to create and deploy a certificate very quickly with absolutely no user input needed.
Custom Settings allows you to manually specify some of the information for your certificate. This is not generally public information, but will be seen when you view the certificate in your browser (for example).
nems-cert generates SHA256 encrypted certificates with RSA 2048 keys.
Once you have generated your SSL Certificate, you can view it with the following command:
sudo nems-info sslcert
Of course, the work I do on NEMS is freely available. Just don't forget to throw something in the Tip Jar if you like what I do.
If using nems-cert (or, gen-cert.sh in this case) outside NEMS, you'll simply need to install a few components:
sudo apt update && sudo apt install openssl dialog
You'll also want to change where the certs are saved to within the source code since the NEMS locations won't be relevant.