Solved

Apache ssl cert

Posted on 2013-11-12
7
277 Views
Last Modified: 2013-11-21
I am running apache http server 2.2. I need to renew the ssl cert but am unsure if I need to generate a new csr. Some sites indicate no others say yes. Hopefully someone can give me the correct answer. Thanks
0
Comment
Question by:Sid_F
  • 4
  • 3
7 Comments
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 39642516
Some sites require you to submit a new CSR if you are changing the domain name or the sitename to something different. Some sites will allow you to renew from the old Certificate.

Best practice is to create a new CSR.
0
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 39642517
once you get the new Certificate issued:

    -Copy your renewed certificate, intermediate certificate bundle and key file (generated when you created the Certificate Signing Request (CSR)) into the directory that you will be using to hold your certificates.

    -Open the Apache httpd.conf file and add the following directives:
        SSLCertificateFile /path to certificate file/your issued certificate
        SSLCertificateKeyFile /path to key file/your key file
        SSLCertificateChainFile /path to intermediate certificate/null
   
-Save your httpd.conf file and restart Apache.
0
 
LVL 6

Author Comment

by:Sid_F
ID: 39642786
I am not changing anything about the domain or site name. How do I know if I need a new csr based on the site
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 13

Expert Comment

by:Ugo Mena
ID: 39642824
It will depend on who issued your Certificate and if you are renewing through the same place.

Where did you get your Certificate from?
0
 
LVL 6

Author Comment

by:Sid_F
ID: 39644252
Yes same place commodo
0
 
LVL 13

Accepted Solution

by:
Ugo Mena earned 500 total points
ID: 39644836
Looks like Comodo CAN use the old CSR but this is their recommendation:

Can I use my old CSR?:

Some web servers will allow this, but we recommend (for security reasons) a new CSR for every renewal.

If you use the original CSR and someone has previously acquired the Private Key without your knowledge then you are still at risk of attacks during encrypted sessions.
If you use a new CSR then anyone possessing the Private Key looses the ability to decrypt your encrypted sessions when you apply the new certificate issued from the new CSR.
0
 
LVL 6

Author Closing Comment

by:Sid_F
ID: 39666242
Thanks
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Service "nameserver" appears to be down 4 581
new line in php on linux server 6 189
Changing Sitemap Frequency on XML File 3 68
PHP Upload using Uploadify 4 90
Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now