Solved

Apache ssl cert

Posted on 2013-11-12
7
278 Views
Last Modified: 2013-11-21
I am running apache http server 2.2. I need to renew the ssl cert but am unsure if I need to generate a new csr. Some sites indicate no others say yes. Hopefully someone can give me the correct answer. Thanks
0
Comment
Question by:Sid_F
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 39642516
Some sites require you to submit a new CSR if you are changing the domain name or the sitename to something different. Some sites will allow you to renew from the old Certificate.

Best practice is to create a new CSR.
0
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 39642517
once you get the new Certificate issued:

    -Copy your renewed certificate, intermediate certificate bundle and key file (generated when you created the Certificate Signing Request (CSR)) into the directory that you will be using to hold your certificates.

    -Open the Apache httpd.conf file and add the following directives:
        SSLCertificateFile /path to certificate file/your issued certificate
        SSLCertificateKeyFile /path to key file/your key file
        SSLCertificateChainFile /path to intermediate certificate/null
   
-Save your httpd.conf file and restart Apache.
0
 
LVL 6

Author Comment

by:Sid_F
ID: 39642786
I am not changing anything about the domain or site name. How do I know if I need a new csr based on the site
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 13

Expert Comment

by:Ugo Mena
ID: 39642824
It will depend on who issued your Certificate and if you are renewing through the same place.

Where did you get your Certificate from?
0
 
LVL 6

Author Comment

by:Sid_F
ID: 39644252
Yes same place commodo
0
 
LVL 13

Accepted Solution

by:
Ugo Mena earned 500 total points
ID: 39644836
Looks like Comodo CAN use the old CSR but this is their recommendation:

Can I use my old CSR?:

Some web servers will allow this, but we recommend (for security reasons) a new CSR for every renewal.

If you use the original CSR and someone has previously acquired the Private Key without your knowledge then you are still at risk of attacks during encrypted sessions.
If you use a new CSR then anyone possessing the Private Key looses the ability to decrypt your encrypted sessions when you apply the new certificate issued from the new CSR.
0
 
LVL 6

Author Closing Comment

by:Sid_F
ID: 39666242
Thanks
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

761 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question