Solved

replace the test cert with a commercial one (mod_ssl)

Posted on 2004-08-10
3
317 Views
Last Modified: 2010-03-04
hi folks,

i've installed a test cert for SSL on Apache 2.0.45 for Windows 2k, by creating a key, creating a CSR and then installing a temporary test cert. i've used mod_ssl 2.0.48. i followed the steps outlined in:
http://www.devx.com/opensource/Article/20085
and i now have 2 mydomain.crt files, 2 mydomain.key files and one mydomain.csr files, in the \ssl and \bin directories.

now i want to change the test cert for SSL to a commercial cert (Entrust).

do i just remove the existing .csr, .crt and .key files (should i also roll back changes in the httpd.conf, openssl.conf etc.), do i just create new key & csr files ignoring the existing setup, or can anybody point me in the right direction to go about replacing my test cert setup with the commercial one?
0
Comment
Question by:gdoherty
3 Comments
 
LVL 1

Accepted Solution

by:
justywong earned 150 total points
ID: 11770612
For Unix/Linux version,

assume your $APACHE_HOME = /usr/local/apache2

you can just copy the new cert & key files (name different from old cert and key)  to
  $APACHE_HOME/conf/ssl.key & ssl.crt

and modify the $APACHE_HOME/conf/ssl.conf to point to your new key & cert file.
e.g.
(old key & cert):
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/test_server.key
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/test_server.crt
(new key & cert):
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/prod_server.key
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/prod_server.crt

remember to backup your ssl.conf before making change. you can just recover the ssl.conf in case you need to rollback.
0
 

Author Comment

by:gdoherty
ID: 11771110
many thanks - wouldn't have thought of that, but it makes sense.

that said, i'm using windows 2k - can anyody out there let me know is there anything else that i need to do on w2k/apache/mod_ssl before justywong gets the points?

thanks,
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 100 total points
ID: 11771727
> do i just remove the existing .csr, .crt and .key files
yes
> (should i also roll back changes in the httpd.conf, openssl.conf etc.)
not necessary

to do it save and have a working backup, you may install your certs/keys in e new directory, and then change httpd.conf (see previous suggestion), but IMHO that's more error-prone than replaceing 2 files
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question