|
|
| |
| Introduction
| |
If you are moving your secure Web site from one server to another, there are a few specific things you need to be aware of in
order for the certificate to work on the new server.
| |
| Changing Operating Systems
| |
Digital certificates work differently with different operating systems and Web Server software. Because of this, a certificate
generated for a Windows2000 server running the IIS Web server does not work on a UNIX server running Apache. Likewise, a UNIX server
running Netscape Web Server can not use a certificate designed to run on a UNIX server running Apache. All the Virtual Private
Servers run a variant of Apache on a UNIX platform, however, which means that if you are moving from one Virtual Private Server to
another, the certificate will probably work.
If your current certificate is not compatible with your new server, you will need to obtain a certificate for the new operating
system and Web server. Most Certificate Authorities will issue a transfer certificate at a lesser cost than obtaining a new
certificate. When transferring your certificate to a Virtual Private Server, be sure to get a certificate for Apache with
SSL, openssl, or ModSSL (these are all the same thing, although different Signing Authorities may use slightly
different names).
The Signing Authority will provide you with instructions on how to install a Transfer Certificate.
| |
| Moving a Certificate to a new server
| |
If your current certificate is compatible with the server you are moving your secure Web site to, you do not need to get a new
certificate. Simply move your certificate to the new server and ensure that it works.
-
Set up SSL on the new server
If you have not already done so, make sure that the new server has SSL
running on it (all VPS v2 servers are set up with SSL by default).
-
Copy the Certificate to the New Server
Using FTP or another method, copy the certificate and Private Key files to the
new server. Both the certificate and the key are stored in the /usr/local/apache/conf/ directory of the Virtual
Private Server. The certificate should be in a file named ssl.cert, and the key should be in the ssl.pk file.
If you use FTP, be sure to copy the files to the new server as ASCII files.
-
Make Sure your Private Key has been Decrypted
It's a good idea to check your Private Key to make sure it has been decrypted. Use more or your favorite text
editor to view the file. If your key has been decrypted, you should not see the following lines before the encoded
elements of the key.
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,BCC23A5E16582F3D
If your Private Key does have those lines near the beginning, run the following command to remove the encryption.
# openssl rsa -in ssl.pk -out ssl.pk
-
Restart Apache
With the ssl.pk in place and decrypted, and the ssl.cert in place on your Virtual Private Server, run the
restart_apache command to restart your Web server so that it will use the new certificate.
If you have trouble getting your certificate to work, check the
Digital Certificate Troubleshooting Guide for help. You
are also welcome to Contact our Support Staff for help.
|
Toll Free 1-866-GSP-4400 • 1-301-464-9363 • service@gsp.com
Copyright © 1994-2016 GSP Services, Inc.
|