Stop/Start httpd (Apache1.3) [urgent]..

I need to install new SSL certificate on my apache web server on Solaris8 machine.
The server is now running with the expired SSL certificate and if I stop the server, I will never be able to start it with expired certificate if something goes wrong with any problem with the new certificate.

What is the command for restart httpd with ssl:
/usr2/apache1.3.28/bin/apachectl startssl
or
/usr2/apache1.3.28/bin/apachectl restart

Shall I stop httpd first:
/usr2/apache1.3.28/bin/apachectl stop ??

When I run /usr2/apache1.3.28/bin/apachectl configtest
it returns: syntax OK
(does it really ensure that my /usr2/apache1.3.28/conf/httpd.conf file is OK?)

In my server the /etc/rc3.d/S99httpd file is:
===============
#!/bin/sh
prefix=/usr2/apache1.3.28
exec_prefix=${prefix}
bindir=${exec_prefix}/bin
case "$1" in
'start')
                echo "Starting Apache Web Server"
                $bindir/apachectl start
        ;;
'startssl' )
                echo "Starting Apache Web Server with SSL"
                $bindir/apachectl startssl
        ;;
'restart')
                echo "Restarting Apache Web Server"
                $bindir/apachectl restart
        ;;
'stop')
                echo "Stopping Apache Web Server"
                $bindir/apachectl stop
        ;;
*)
        echo "Usage: $0 { start | restart | stop }"
        exit 1
        ;;
esac
exit 0
================================

The only part of the /usr2/apache1.3.28/conf/httpd.conf file where I made changes is:

=============
<VirtualHost 100.100.440.3:443>
        DocumentRoot "/usr2/apache1.3.28/htdocs"
        ServerName test.comp.com
        ServerAdmin root@test.comp.com
        ErrorLog /usr2/apache1.3.28/logs/error_log
        TransferLog /usr2/apache1.3.28/logs/access_log
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /usr2/apache1.3.28/conf/ssl.crt/test.comp.com_new.crt
        SSLCertificateKeyFile /usr2/apache1.3.28/conf/ssl.key/server2004.key
        SSLCACertificateFile /usr2/apache1.3.28/conf/ssl.crt/comp-ca.crt
        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
                SSLOptions +StdEnvVars
        </Files>
        <Directory "/usr2/apache1.3.28/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
        CustomLog /usr2/apache1.3.28/logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

#<VirtualHost 100.100.440.7:443>
#        DocumentRoot "/usr2/apache1.3.28/htdocs"
#        ServerName web.comp.com
#        ServerAdmin root@test.comp.com
#        ErrorLog /usr2/apache1.3.28/logs/error_log
#        TransferLog /usr2/apache1.3.28/logs/access_log
#        SSLEngine on
#        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#        SSLCertificateFile /usr2/apache1.3.28/conf/ssl.crt/web.comp.com.crt
#        SSLCertificateKeyFile /usr2/apache1.3.28/conf/ssl.key/server2003.key
#        SSLCACertificateFile /usr2/apache1.3.28/conf/ssl.crt/comp-ca.crt
#        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
#                SSLOptions +StdEnvVars
#        </Files>
#        <Directory "/usr2/apache1.3.28/cgi-bin">
#                SSLOptions +StdEnvVars
#        </Directory>
#        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
#        CustomLog /usr2/apache1.3.28/logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
#</VirtualHost>
===============
I commented out the 2nd VirtualHost block this time. And updated the files:
SSLCertificateFile /usr2/apache1.3.28/conf/ssl.crt/test.comp.com_new.crt
SSLCertificateKeyFile /usr2/apache1.3.28/conf/ssl.key/server2004.key
SLCACertificateFile /usr2/apache1.3.28/conf/ssl.crt/comp-ca.crt

What commands in sequence do I need to type to install this new SSL certificate?
Is there any way that I can verify beforhand (before I stop httpd) that httpd can be properly restarted??

tookiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

periwinkleCommented:
After installing the new certificate, you will need to stop the server via:

apachectl stop

and then restart it, using startssl:

apachectl startssl

Why is it that you feel you won't be able to restart it if the certificate has expired?  I believe that you can.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tookiAuthor Commented:
Thanks!!I had heard that I cannot start a server with expired certificate (I'm wrong then!). As it's a production system, I wanted to know beforehand......
I will try this stop and startssl option as you said...
0
periwinkleCommented:
but I understand that you are installing a new certificate, correct?  You could simply self-sign a certificate, should the need arise.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.