Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 390
  • Last Modified:

SSL certificate renewal when moving servers

We have moved a secure website to another server (HTTPS) and presumably need to regenerate a new CSR record for the new box and have Comodo reissue the certificate.

Two questions:
1. If this the correct procedure or can we just reuse the old cert (same domain name)
2. Does anyone know if Comodo re-issue certificates for free?

0
brothertom
Asked:
brothertom
  • 2
  • 2
1 Solution
 
IanThCommented:
if its using a different ip address then its a new cert if its using the same ip address then posibly a re-issue
0
 
brothertomAuthor Commented:
No, its a new IP, so will have to get a new one.

As a matter of interest, what underlying information is used to create the private key?
0
 
IanThCommented:
the ip address imho
0
 
Dave HoweSoftware and Hardware EngineerCommented:
as long as the domain name (NOT IP address) has not changed, it shouldn't need a new certificate.
just export the old key+cert from the old box (a pkcs #12 file is standard there) and import to the new.

the private key contains NO host information - it is purely an encryption tool.
the public key is calcuated from the private key and again, is not host specific

the public *certificate* however contains the domain name (or ip address, or whatever you asked the CA to sign, but usually domain name), the company name, the CA's certificate ID (and name), the duration of the certificate, and the public key. it is digitally signed by the private key of the CA to ensure validity.

but to be certain, inspect the old certificate (just visit the site in almost any browser, and do "view certificate") and check the subject name is the site domain name. that is all the browser checks (and it is the browser that cares, not the server)
0
 
brothertomAuthor Commented:
Yes, you right - the certificate is validating the site name not the IP.
However, Comodo have very kindly agreed to issue anyway, so thats the way we'll go with this.

Cheers
BT
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now