httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Øyvind Lode <>
Subject RE: [users@httpd] Trouble installing renewed SSL certificate
Date Fri, 25 Oct 2013 13:19:55 GMT

The new certificate was issued with a new private key but I did not receive info about that.

I have now received both the crt and the private key and apache is up and running again.


-----Original Message-----
From: Rainer M. Canavan [] 
Sent: 25. oktober 2013 13:57
Subject: Re: [users@httpd] Trouble installing renewed SSL certificate

On Oct 25, 2013, at 13:25 , Øyvind Lode <> wrote:

> Hi Harald.
> No.
> I just received the new certificate from Comodo.
> I assume they used the original csr file which I have stored somewhere 
> :)
> I thought I documented what I did to set up the cert but can't for the life of me find
it now.

If the same csr was used, it should be sufficient to replace the .crt.

> So I probably just need to create a new private key but memory does 
> not serve me well right now haha
> I'm starting to believe that receiving a renewed cert is actually like receiving a cert
in the first place and should be installed like a completely new cert.

> If you know of a good article on how to install a ssl cert including creating a new private
key and ca-bundle please let me know.

A certificate is linked to the specific private key it was created for. The modulus of that
key was stored in the CSR that was used to generate the certificate. You need to find the
correct key, since you won't be able to generate a matching one. You can check the modulus
of the key, csr and certificate with openssl:

openssl x509 -noout -modulus -in certificate.crt openssl rsa -noout -modulus -in private.key
openssl req -noout -modulus -in csr.csr

You probably should check the certificate as well, especially the CN of the Subject, e.g.

openssl x509 -noout -text -in certificate.crt

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message