Stop/Start httpd (Apache1.3) [urgent]..

I need to install new SSL certificate on my apache web server on Solaris8 machine.
The server is now running with the expired SSL certificate and if I stop the server, I will never be able to start it with expired certificate if something goes wrong with any problem with the new certificate.

What is the command for restart httpd with ssl:
/usr2/apache1.3.28/bin/apachectl startssl
/usr2/apache1.3.28/bin/apachectl restart

Shall I stop httpd first:
/usr2/apache1.3.28/bin/apachectl stop ??

When I run /usr2/apache1.3.28/bin/apachectl configtest
it returns: syntax OK
(does it really ensure that my /usr2/apache1.3.28/conf/httpd.conf file is OK?)

In my server the /etc/rc3.d/S99httpd file is:
case "$1" in
                echo "Starting Apache Web Server"
                $bindir/apachectl start
'startssl' )
                echo "Starting Apache Web Server with SSL"
                $bindir/apachectl startssl
                echo "Restarting Apache Web Server"
                $bindir/apachectl restart
                echo "Stopping Apache Web Server"
                $bindir/apachectl stop
        echo "Usage: $0 { start | restart | stop }"
        exit 1
exit 0

The only part of the /usr2/apache1.3.28/conf/httpd.conf file where I made changes is:

<VirtualHost 100.100.440.3:443>
        DocumentRoot "/usr2/apache1.3.28/htdocs"
        ErrorLog /usr2/apache1.3.28/logs/error_log
        TransferLog /usr2/apache1.3.28/logs/access_log
        SSLEngine on
        SSLCertificateFile /usr2/apache1.3.28/conf/ssl.crt/test.comp.com_new.crt
        SSLCertificateKeyFile /usr2/apache1.3.28/conf/ssl.key/server2004.key
        SSLCACertificateFile /usr2/apache1.3.28/conf/ssl.crt/comp-ca.crt
        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
                SSLOptions +StdEnvVars
        <Directory "/usr2/apache1.3.28/cgi-bin">
                SSLOptions +StdEnvVars
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
        CustomLog /usr2/apache1.3.28/logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

#<VirtualHost 100.100.440.7:443>
#        DocumentRoot "/usr2/apache1.3.28/htdocs"
#        ServerName
#        ServerAdmin
#        ErrorLog /usr2/apache1.3.28/logs/error_log
#        TransferLog /usr2/apache1.3.28/logs/access_log
#        SSLEngine on
#        SSLCertificateFile /usr2/apache1.3.28/conf/ssl.crt/
#        SSLCertificateKeyFile /usr2/apache1.3.28/conf/ssl.key/server2003.key
#        SSLCACertificateFile /usr2/apache1.3.28/conf/ssl.crt/comp-ca.crt
#        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
#                SSLOptions +StdEnvVars
#        </Files>
#        <Directory "/usr2/apache1.3.28/cgi-bin">
#                SSLOptions +StdEnvVars
#        </Directory>
#        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
#        CustomLog /usr2/apache1.3.28/logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
I commented out the 2nd VirtualHost block this time. And updated the files:
SSLCertificateFile /usr2/apache1.3.28/conf/ssl.crt/test.comp.com_new.crt
SSLCertificateKeyFile /usr2/apache1.3.28/conf/ssl.key/server2004.key
SLCACertificateFile /usr2/apache1.3.28/conf/ssl.crt/comp-ca.crt

What commands in sequence do I need to type to install this new SSL certificate?
Is there any way that I can verify beforhand (before I stop httpd) that httpd can be properly restarted??

Who is Participating?
periwinkleConnect With a Mentor Commented:
After installing the new certificate, you will need to stop the server via:

apachectl stop

and then restart it, using startssl:

apachectl startssl

Why is it that you feel you won't be able to restart it if the certificate has expired?  I believe that you can.
tookiAuthor Commented:
Thanks!!I had heard that I cannot start a server with expired certificate (I'm wrong then!). As it's a production system, I wanted to know beforehand......
I will try this stop and startssl option as you said...
but I understand that you are installing a new certificate, correct?  You could simply self-sign a certificate, should the need arise.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.