Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 292
  • Last Modified:

Apache ssl cert

I am running apache http server 2.2. I need to renew the ssl cert but am unsure if I need to generate a new csr. Some sites indicate no others say yes. Hopefully someone can give me the correct answer. Thanks
0
Sid_F
Asked:
Sid_F
  • 4
  • 3
1 Solution
 
Ugo MenaCommented:
Some sites require you to submit a new CSR if you are changing the domain name or the sitename to something different. Some sites will allow you to renew from the old Certificate.

Best practice is to create a new CSR.
0
 
Ugo MenaCommented:
once you get the new Certificate issued:

    -Copy your renewed certificate, intermediate certificate bundle and key file (generated when you created the Certificate Signing Request (CSR)) into the directory that you will be using to hold your certificates.

    -Open the Apache httpd.conf file and add the following directives:
        SSLCertificateFile /path to certificate file/your issued certificate
        SSLCertificateKeyFile /path to key file/your key file
        SSLCertificateChainFile /path to intermediate certificate/null
   
-Save your httpd.conf file and restart Apache.
0
 
Sid_FAuthor Commented:
I am not changing anything about the domain or site name. How do I know if I need a new csr based on the site
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
Ugo MenaCommented:
It will depend on who issued your Certificate and if you are renewing through the same place.

Where did you get your Certificate from?
0
 
Sid_FAuthor Commented:
Yes same place commodo
0
 
Ugo MenaCommented:
Looks like Comodo CAN use the old CSR but this is their recommendation:

Can I use my old CSR?:

Some web servers will allow this, but we recommend (for security reasons) a new CSR for every renewal.

If you use the original CSR and someone has previously acquired the Private Key without your knowledge then you are still at risk of attacks during encrypted sessions.
If you use a new CSR then anyone possessing the Private Key looses the ability to decrypt your encrypted sessions when you apply the new certificate issued from the new CSR.
0
 
Sid_FAuthor Commented:
Thanks
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now