New customer with SSL

The key & certificate go together so a new key would require a new certificate. You will need to use the key & cert that the customer had at their former host.

 

I did install couple certs transferred from my old server. if you have the &key(.key)& and &cert(.crt)& from the old server. you can put ssl back on.

 

you'll need the key from her previous host. if you generate a new key, new key and the current cert won't match.

if she can't get the key from her previous host, then she'll probably have to ask for a new cert.

I don't know Thawte, but GeoTrust will re-issue a new cert if it's within 30 days of purchase.

 

how to tell the difference...

Hello forum members,
I found this thread because I had almost exactly the same situation. I moved my reseller domain, which had its own GeoTrust certificate installed at the host server, to my own dedicated server. When I tried installing, through WHM, the GeoTrust certificate, it failed.

Then I read this thread, and afterward asked the previous host of my reseller domain for the key they used for that certificate. The host, reputable (members of this forum as well) and professional in all respects, gladly obliged.

The problem is they sent me two separate encrypted files. One is preceded with -----BEGIN RSA PRIVATE KEY----- , and the other is preceded with -----BEGIN CERTIFICATE REQUEST----- .

Based on what I read here, I understand that I should use the &RSA PRIVATE KEY&. The other file is a mystery to me, since it does not match the GeoTrust certificate I have.

Using the &Install an SSL Certificate and Setup the Domain & feature at WHM, I am presented with three large text areas to fill in:
1) Install A SSL Cert
*The crt may already be on the server.
*You can try to FETCH it or paste the entire .crt file here:
*[ large text area for pasting of certificate here ]
*Domain [ ]
*User [ ]
*IP Address [ ]
*[ ] Check here if this ssl cert is already setup
and this is just a replacement/update certificate.

2) The key may already be on the server.
*You can try to it or paste the entire .key file here:
*[ large text area for pasting of certificate here ]

3) Paste the ca bundle here (optional):
*[ large text area for pasting of certificate here ]

So I have the two encrypted files sent by the former host of the reseller domain, and the encrypted file purchased from GeoTrust. Does anyone know the procedure here? Do I need all three, and if so, where do they go in the above WHM description?

I'm assuming that all I need to do is some pasting and clicking &Do It& here. Maybe that's a wrong assumption. Maybe I need to use the &Generate an SSL Certifcate and Signing Request & WHM feature first with these files?

Thanks.
--john doe

 

oh, well...

This is what RackShack support had to say about the question of moving SSL certificates from server to server:

&Despite GeoTrusts indication to the contrary, we do not provide
support for SSL certificates. However, in general you cannot move an SSL certificate from one server to another as the encrypted key is tied to both the domain name and the IP address. You will need to purchase a new certificate.

Eris, #844
Rackshack Support&

 

If it is tied to the IP, that stinks......

 

[quote:5f7fd709d7][i:5f7fd709d7]Originally posted by rinty[/i:5f7fd709d7]

If it is tied to the IP, that stinks......[/quote:5f7fd709d7]

It is not tied to an IP, it is tied to the domain ( FQDN ) the certificate was issued for.
As long as you have the original key and the crt file you should be able to install the cert on another server.

 

Jamesbond... that is exactly what I was hoping someone here would say, since I have a tendency to be skeptical of negative responses from companies who would gain financially by such response.

My certificate starts with: -----BEGIN CERTIFICATE REQUEST-----
The host with whom this domain formerly resided was kind enough to send me 2 files, one of which they say is the key.
One starts with: -----BEGIN RSA PRIVATE KEY-----
The other starts with: -----BEGIN CERTIFICATE REQUEST----- (WebHost Manager stated I don't need this one).

I tried installing my certificate on my main server, which hosts the domain in question as a reseller account. When that didn't work, I went into WHM for the domain in question and tried to install the certificate there.

On the worst case scenario, I got this result:
Attempting to verify your certificate.....
Modulus mismatch, key file does not match certificate. Please use the
correct key file
-----------
Key Modulus
Modulus=C0414BD181B35B725DEDF0E15E340AE7F443EA497710F12F91F3B297A8A05870F22E
25B731D45271D358DD0C2807C9C42CF4913E0C035C96DE75D60A42EDE7F967E80325AC3CC360
F1E646341B4EA4B7302C0CE1CA91DA59694967A1C4F7B5A02681E26B55060F7067FB425A078A
C3C62E643BA193DF932E47872CBCDE7B067D

Crt Modulus
Modulus=C8CE602774F93AB3B7F982042E28181D2A8D85B0C43F74941CDFE93AF006865A99BE
4D5108B41B130AFF00F6D
-----------
On the best case scenario, WHM stated something to the effect of: &key does not match domain IP address&.

GeoTrust won't answer my question, passes the buck to their reseller, who's tech support says they are not obligated to answer the question either.

I feel so unloved ...

 

follow up

The former host had sent the wrong private key... when the right private key was sent, the certificate did install using the new IP with the old certificate and key.

But https://www.domain.com turns up a &page not found&. I know I read about that someone in this forum, so it's just a matter of a little more time, and all will be working...

Great forum... great input from everybody...

--johndoe

 

_______________________________________________________

I would like to clarify one thing.

Upon generating a CSR the produced Cert is tied to both the Domain and the IP (or SSL Protocal).

The reason you can transfer your Cert from IP to IP (yes you can!) is that in most cases you are securing a domain (ex. https://www.domain.com) not an IP (ex. https://345.125.145).

If you are planning to secure an IP (some affiliate store companies like to do this to not reveal their identity to their resellers clients) make sure you have an dedicated IP first, before generating the CSR! Otherwise how will a Certificate generating company know which IP you want to secure.

cPanel.net Support Ticket Number: