sam15
asked on
How renew godaddy SSL certificate
Hi
I have an oracle apache based web server with SSL certificate issued by godaddy that was delivered to me.
The SSL certificate will expire in another month.
Since server and CSR are the same can i renew certificate for domain for another 2 years without regenerating a new CSR, private key, etc.?
Doe godaddy give user options on renewal (no info needed) versus reissue (new CSR)?
I have an oracle apache based web server with SSL certificate issued by godaddy that was delivered to me.
The SSL certificate will expire in another month.
Since server and CSR are the same can i renew certificate for domain for another 2 years without regenerating a new CSR, private key, etc.?
Doe godaddy give user options on renewal (no info needed) versus reissue (new CSR)?
Hi,
Is SSL certificate from GoDaddy? You should directly renew it from the portal that triggers/issues the SSL certificate?
Is SSL certificate from GoDaddy? You should directly renew it from the portal that triggers/issues the SSL certificate?
Hi
Godaddy provides chat support. Have a word with them to get right direction.
Godaddy provides chat support. Have a word with them to get right direction.
Yes, it works, you just have to do it before it retires.
And you need access to the GoDaddy Account.
Even due to the fact, that new webserver certificates will only issued for 1 year anymore, and you have booked a longer time, they renew it automatically as far as you havn't disabled this mechanism.
And you need access to the GoDaddy Account.
Even due to the fact, that new webserver certificates will only issued for 1 year anymore, and you have booked a longer time, they renew it automatically as far as you havn't disabled this mechanism.
1) The SSL certificate will expire in another month. Since server and CSR are the same can i renew certificate for domain for another 2 years without regenerating a new CSR, private key, etc.?
CSR - You must have the original or generate a new one.
Then you'll download + install your new cert files (there will be a file bundle).
There's a shift underway which will likely be adopted by all certs eventually, to follow https://LetsEncrypt.org where certs must be renewed every 90 days.
Currently, longest you can likely get is 1 year, down from 2-10 years... in the past...
2) Doe godaddy give user options on renewal (no info needed) versus reissue (new CSR)?
If you have your original CSR you can renew, otherwise you must regenerate.
CSR - You must have the original or generate a new one.
Then you'll download + install your new cert files (there will be a file bundle).
There's a shift underway which will likely be adopted by all certs eventually, to follow https://LetsEncrypt.org where certs must be renewed every 90 days.
Currently, longest you can likely get is 1 year, down from 2-10 years... in the past...
2) Doe godaddy give user options on renewal (no info needed) versus reissue (new CSR)?
If you have your original CSR you can renew, otherwise you must regenerate.
Aside: Or you can setup a free https://LetsEncrypt.org cert along with an auto-renewal CRON job, then never think about a cert again.
https://www.experts-exchange.com/questions/29209602/StrongSWAN-on-ubuntu-16.html provides details about initial cert generation, hands free auto-renewal, restarting servers each time a cert renews to ingest new certs.
https://www.experts-exchange.com/questions/29209602/StrongSWAN-on-ubuntu-16.html provides details about initial cert generation, hands free auto-renewal, restarting servers each time a cert renews to ingest new certs.
ASKER
Hi
The certificate was generated by an admin in our company who had a godaddy account. I am not sure he still works here.
let me make sure I understand what is needed for renewal:
1) The original CSR for the certificate will be needed
2) The original godaddy account that created this certificate is needed. If i create a new account myself nowI will not be able to renew that certificate.
Is this correct or not?
The certificate was generated by an admin in our company who had a godaddy account. I am not sure he still works here.
let me make sure I understand what is needed for renewal:
1) The original CSR for the certificate will be needed
2) The original godaddy account that created this certificate is needed. If i create a new account myself nowI will not be able to renew that certificate.
Is this correct or not?
In general, you can order a new certifiate at any time also with a new account.
You need the existing cert request to keep the current private key or you create a new one with a new private key..
So, any combination is possible.
Dependent from the kind of certificate there is possibly a validation process behind it.
The more easier way is to have the account which was used to issue the original certifiacte as it is more or less one click to renew.
You need the existing cert request to keep the current private key or you create a new one with a new private key..
So, any combination is possible.
Dependent from the kind of certificate there is possibly a validation process behind it.
The more easier way is to have the account which was used to issue the original certifiacte as it is more or less one click to renew.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
GoDaddy support is good. You can chat or call them directly for whatever issue you have with your SSL certificate.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Everyone mention private keys with certificates.
I have created CSRs for Oracle HTTP server, IIS 10 server, and Apache tomcat web server and not one single server requested a private key. Could this be possible generated automatically within the CSR itself?
There was a password request for the java keystore i had to create for apache tomcat and wallet for oracle server but I don't think this is a private key.
I have created CSRs for Oracle HTTP server, IIS 10 server, and Apache tomcat web server and not one single server requested a private key. Could this be possible generated automatically within the CSR itself?
There was a password request for the java keystore i had to create for apache tomcat and wallet for oracle server but I don't think this is a private key.
The private key is only on the machine, where you created the certificate request.
On windows machines, the private key is created automatically.
For Linux, you have to create it manually. It depends which method you use..
So Godaddy is not aware about your private key, they only influence, if the private key is exportable.
If a certificate needs as password, it is due to the fact, that exporting the private key with a certificate needs a kind of protection (i.e a password) as the private key is the sensible part.
But coming back to your original question.
To renew a certificate dosn't need a new reqest as long as nothing changes.
You can create a new request with the same keys or with new keys.
New keys are usually choosen, whenever you feel the current key is compromized.
On windows machines, the private key is created automatically.
For Linux, you have to create it manually. It depends which method you use..
So Godaddy is not aware about your private key, they only influence, if the private key is exportable.
If a certificate needs as password, it is due to the fact, that exporting the private key with a certificate needs a kind of protection (i.e a password) as the private key is the sensible part.
But coming back to your original question.
To renew a certificate dosn't need a new reqest as long as nothing changes.
You can create a new request with the same keys or with new keys.
New keys are usually choosen, whenever you feel the current key is compromized.
ASKER
very informative..
I always create the CSR on the machine that will have the SSL certificate installed.
You say the PK is created automatically. Where is this file or key normally stored at?
I think when you say "automatic" it is not being keyed in by the user creating the CSR.
I always create the CSR on the machine that will have the SSL certificate installed.
You say the PK is created automatically. Where is this file or key normally stored at?
I think when you say "automatic" it is not being keyed in by the user creating the CSR.
Have a look here (for Windows)
C:\Users\[username]\AppData\Roaming\Microsoft\Crypto\RSA\[SID]
When you request a cert from a windows machine, you find thew request here...
If you import the cert from the CA, the cert is coonected to the private key and move to the personal folder
For other OS / Apps, you find them here:
https://www.ssls.com/knowledgebase/how-can-i-find-the-private-key-for-my-ssl-certificate/#in-browser
C:\Users\[username]\AppData\Roaming\Microsoft\Crypto\RSA\[SID]
When you request a cert from a windows machine, you find thew request here...
If you import the cert from the CA, the cert is coonected to the private key and move to the personal folder
For other OS / Apps, you find them here:
https://www.ssls.com/knowledgebase/how-can-i-find-the-private-key-for-my-ssl-certificate/#in-browser
https://my.godaddy.com/help/renewing-my-ssl-certificate-864