AlpineWeb Design Home
Is there a domain name available for you?  
Search: For:   ~ Advanced Search
    Hosting > VPS > Linux VPS > Administration > Webserver > SSL > Digital Certificate >

Move your Custom SSL Certificate

If you are moving your secure Web site from one server to another, there are a few specific concerns to be aware of in order for the certificate to work on the new server.

Change Operating Systems

Digital certificates work differently with different operating systems and Web Server software. Because of this, a certificate generated for a Windows2000 server running the IIS Web server does not work on a RHEL server running Apache. Likewise, a RHEL server running Netscape Web Server can not use a certificate designed to operate on a RHEL server running Apache.

If your current certificate is not compatible with your new server, obtain a certificate for the new operating system and Web server. Most certificate authorities will issue a transfer certificate at a lesser cost than obtaining a new certificate.

The signing authority provides you with instructions on how to install a transfer certificate.

Move a Certificate to a New Server

If your current certificate is compatible with the server you are moving your secure Web site to, you do not need a new certificate. Simply move your certificate to the new server and ensure that it works.
  1. 1.Connect to your private server by means of SSH and issue the following command:

    # mkdir /usr/local/certs
    # cd /usr/local/certs
  2. Using FTP or another method, copy the certificate and Private Key files to the new server. Copy the files to the /usr/local/certs/ directory. The certificate is in a file named ssl.cert, and the key is in a file named ssl.pk. If you use FTP, be sure to copy the file using ASCII format to avoid corrupting the file.
  3. Verify the Private Key has been decrypted by looking at the file. If the key has not been decrypted the first few lines appear as in the following example:

    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,BCC23A5E16582F3D
  4. To decrypt the key connect to your private server by means of SSH and issue the following commands:

    # cd /usr/local/certs
    # openssl rsa -in ssl.pk -out ssl.pk
  5. Create a PEM file that contains both the certificate and key. To do this, issue the following commands:

    # cd /usr/local/certs
    # cp ssl.pk YOUR-DOMAIN.NAME.pem
    # cat ssl.cert >> YOUR-DOMAIN.NAME.pem
  6. Edit your /www/conf/httpd.conf file to look for your certificate file by adding the following command:

    SSLCertificateFile /usr/local/certs/MY-DOMAIN.NAME.pem
  7. Once you have added the certificate directive to your /www/conf/httpd.conf file, issue restart_apache to make Apache start using the new certificate.




image


image
Authorized viaVerio Reseller         Authorize.net         Miva Certified Business Partner