how to move SSL cert to new server

[mneese77]

I have inherited a domain from another server...how to move ssl cert to new server...

Is this done through Plesk by simply cut and paste the cert and key data into a new server cert, or is it done by moving the certs and key files themselves onto the server, into the erc/httpd/ssl.crt directory along with the server cert...

If that is done, what else is needed to secure the domain...
thanks

[biggles]

Hm, might be problematic to move the cert if the servername has changed becuase the servername is embedded in the cert.

[Kalimari]

Recently transferred a dozen websites (w/SSL) one-by-one to a new server (Plesk 8.6 on old, Plesk 9 on new).

On old server:
1. Go to existing domain certificate and note name/details/bit-depth/Private key/Certificate/CA certificate.

On new server:
1. Create domain name (exactly the same as on old).
2. Click 'Add SSL Certificate'.
3. Paste/duplicate the details field-for-field from old server (CSR isn't required).
4. Set-up domain, assign IP/cert as usual.
5. Test domain via https://IP-ADDRESS, check the certificate details, it should correct; there will still be an alert in browser as IP doesn't match cert.

This might be as biggles suggests, because although the full server name was not the same (server1.domain.tld1, server2.domain.tld2), the domain bit in the middle was. But if you have IP addresses assigned on new server, test with one domain and see how it goes.

Good luck!

[faris]

I've only done this once (from different hosting provider to us) but didn't have any problems.

Essentially as long as the the certificate, private key (and CSR) are copied it just works.

[Highland]

Worst case scenario is you can hack Apache to load it manually. Just means that Apache will ignore changes that Plesk makes.

All you should need are the cert files off the server. I've never had a problem moving certs either by copy and paste or by moving the file.

[mneese77]

It worked by just copying the text files from one server, then using plesk, i "added" cert by pasting into their respective areas for the new cert...however it did take a few days for everything to resolve and be recognized by the browsers...

1.added ip to server
2.created domain in plesk
3.cut and paste cert to new server
4.control panel assignment of dns for domain and ip
Also designated in plesk for the http and https files to be from same directory for that domain, which would be the http directories, otherwise there must be two sets of files.
5. verification testing
6.Works!

Thanks for the guidance...next time it might be more cost efficient to just get a new cert...

[mneese77]

Things seem to be functioning correctly in the browsers, but I am getting this error regarding the cert for this ip...

[warn] RSA server certificate CommonName (CN) `www.gertrudezachary.com' does NOT match server name!?

upon looking around I find referrences to editing the vhost.conf file for that domain...I do not have a vhost.conf file for that domain, or ANY domain on my server!

I am using plesk 9.2.5 or whatever is the latest, and my cert was configured in plesk, as were all the domain configurations...

Any ideas?

[BruceLee]

you don't need to have a vhost.conf. If you want one you would have to
- create it manually and additionally to the httpd.include file under /var/www/vhhots/domain.tld/conf
- edit it with the settings you want to make
- and than run

Code: Select all

/usr/local/psa/admin/sbin/websrvmng --reconfigure-vhost --vhost-name=domain.tld

-restart apache

If the cert is used with an shared ip that is used for multi hosted sites that warning is inevitable in my opinion.
See this KB from Parallells:http://kb.parallels.com/1500

[mneese77]

I have cleaned up my cert, which was missing a geotrust CA...seems that everything that is not geotrust must update their certs with a new CA since July 2010...
thanks for the info on the vhost.conf file...guess this is why i have plesk...

[breun]

Also see Plesk's documentation on vhost.conf: Including Directives into Web Server Configuration File.