Reissuing a SSL certificate

Forum Moderators: buckworks

Message Too Old, No Replies

Reissuing a SSL certificate

Moving to a new Server

lgn1

7:28 pm on Aug 11, 2005 (gmt 0)

We are moving to a new server and require a reissue of
a SSL certificate.

Because, some sites don't update their DNS resolution for up to a week, we like to have both the original and the reissued certificate running for about a week, before dropping the original site.

Does SSL certificate issuing authorities allow this?

lorax

9:20 pm on Aug 11, 2005 (gmt 0)

I don't think they'll care. The SSL cert is attached to the DN. You could have your DN setup on 100 different webservers and each could have it's own SSL. Only one will actually work - depends upon which server is designated as the owner of the DN by DNS.

hasms

10:17 pm on Aug 11, 2005 (gmt 0)

Interesting that you asked this today. I was trying to figure out the answer to this same question myself this morning. Thawte customer support told me that as soon as I apply for a reissue, the old certificate becomes invalid...and therefore my visitors would get a broken certificate message, even if I didn't change a thing on my existing web server or domain.

But this answer didn't make sense to me. Does the old SSL certificate really interact with the Thawte server to find out if it is valid?

madmac

12:27 am on Aug 12, 2005 (gmt 0)

I'm not really sure what you mean. SSL certificates are bound to the domain name, not the IP address or server. If you are moving servers, you should be able to re-install your old certificate.

If you're changing domain names, and just recently purchases the certificate, from experience, most SSL providers will re-issue you the certificate for the new domain.

shazer7

6:03 pm on Aug 12, 2005 (gmt 0)

Lgn1 this is my first time posting but I have been reading these forum regularly for a month or so now.

I had a similar issue. My host upgraded the servers so I had to reinstall my cert. Like madmac the SSL Certificate is link to the domain name.

All you have to do is contact the provided the issued the Cert. explain to them what is happening. They should issue you a credit to rekey the cert.

If you are using Cpanel and don�t have access to WHM (Web Host Manager) you will need to contact you host so they can reissue the private Key and Certificate Singing Request (CSR), this will be needed in order to rekey the cert.

sja65

7:47 pm on Aug 12, 2005 (gmt 0)

The issuer of the certificate can revoke the certificate when they feel it is invalid. When a browser checks a certificate, one of the things it checks is that the certificate authority still recognizes the validity of the certificate.

Remember a few years ago, someone was able to buy a certificate claiming to be microsoft. If I remember properly, the certificate was issued, but the certificate authority revoked the certificate before it could be used.

sharbel

5:52 pm on Aug 13, 2005 (gmt 0)

SSL certs are tied to the server you create the request from.. when you move servers, you have to get a re-issue.