
	Search: For: ~ Advanced Search

Support Home > VPS v1 > Webserver > SSL > Certificates >

Sunday, July 20, 2008

Moving your Custom SSL Certificate

If you are moving your secure Web site from one server to another, there are a few specific things you need to be aware of in order for the certificate to work on the new server.

Changing Operating Systems

Digital certificates work differently with different operating systems and Web Server software. Because of this, a certificate generated for a Windows2000 server running the IIS Web server does not work on a UNIX server running Apache. Likewise, a UNIX server running Netscape Web Server can not use a certificate designed to run on a UNIX server running Apache. All the Virtual Private Servers run a variant of Apache on a UNIX platform, however, which means that if you are moving from one Virtual Private Server to another, the certificate will probably work.

If your current certificate is not compatible with your new server, you will need to obtain a certificate for the new operating system and Web server. Most Certificate Authorities will issue a transfer certificate at a lesser cost than obtaining a new certificate. When transferring your certificate to a Virtual Private Server, be sure to get a certificate for Apache with SSL, openssl, or ModSSL (these are all the same thing, although different Signing Authorities may use slightly different names).

The Signing Authority will provide you with instructions on how to install a Transfer Certificate.

Moving a Certificate to a new server

If your current certificate is compatible with the server you are moving your secure Web site to, you do not need to get a new certificate. Simply move your certificate to the new server and ensure that it works.

Set up SSL on the new server: If you have not already done so, make sure that the new server has SSL running on it.
Copy the Certificate to the New ServerUsing FTP or another method, copy the certificate and Private Key files to the new server. Both the certificate and the key are stored in the ~/etc/ directory of the Virtual Private Server. The certificate should be in a file named ssl.cert, and the key should be in the ssl.pk file. If you use FTP, be sure to copy the files to the new server as ASCII files.
Make Sure your Private Key has been Decrypted
It's a good idea to check your Private Key to make sure it has been decrypted. Use more or your favorite text editor to view the file. If your key has been decrypted, you should not see the following lines before the encoded elements of the key.
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,BCC23A5E16582F3D
If your Private Key does have those lines near the beginning, run the following command to remove the encryption.
% openssl rsa -in ssl.pk -out ssl.pk
Restart Apache
With the ~/etc/ssl.pk in place and decrypted, and the ~/etc/ssl.cert in place on your Virtual Private Server, run the restart_apache command to restart your Web server so that it will use the new certificate.

If you have trouble getting your certificate to work, check the Digital Certificate Troubleshooting Guide for help. You are also welcome to Contact our Support Staff for help.

Technical Support

°	Getting Started Guides
	FreeBSD
°	Basic Hosting Help
°	Signature Hosting Help
°	VPS v1 Help
°	VPS v2/3 Help
°	MPS v2/3 Help
	Linux
°	VPS v3 Help
°	MPS v3 Help
	SaaS
°	Sugar CRM
	DNS
°	Domain Name Service
°	Domain Registration
°	Help Desk
°	Knowledgebase
°	Support Policies
°	Disclaimer

°	AlpineWeb Home
°	Compare Hosting Plans
°	Network Topology

°	Rates & Fees
°	Order Center

	Web Server Encryption
·	Digital Certificates
·	SSL
·	Default Certificate
·	Custom Certificates
·	Create a CSR
·	Obtain a Certificate
·	Install Certificates
·	Move a Certificate
·	Troubleshoot a Certificate

Home | Site Map | Customer Backroom