httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rainer M. Canavan" <rainer.cana...@sevenval.com>
Subject Re: [users@httpd] Trouble installing renewed SSL certificate
Date Fri, 25 Oct 2013 11:57:01 GMT

On Oct 25, 2013, at 13:25 , √ėyvind Lode <oyvind@lode.is> wrote:

> Hi Harald.
> 
> No.
> 
> I just received the new certificate from Comodo.
> 
> I assume they used the original csr file which I have stored somewhere :)
> 
> I thought I documented what I did to set up the cert but can't for the life of me find
it now.

If the same csr was used, it should be sufficient to replace the .crt.

> So I probably just need to create a new private key but memory does not serve me well
right now haha
> 
> I'm starting to believe that receiving a renewed cert is actually like receiving a cert
in the first place and should be installed like a completely new cert.

> If you know of a good article on how to install a ssl cert including creating a new private
key and ca-bundle please let me know.

A certificate is linked to the specific private key it was created for. The modulus
of that key was stored in the CSR that was used to generate the certificate. You need
to find the correct key, since you won't be able to generate a matching one. You
can check the modulus of the key, csr and certificate with openssl:

openssl x509 -noout -modulus -in certificate.crt 
openssl rsa -noout -modulus -in private.key 
openssl req -noout -modulus -in csr.csr

You probably should check the certificate as well, especially the CN of the Subject, e.g.
with

openssl x509 -noout -text -in certificate.crt


rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message