New customer with SSL

Discussion in 'General Discussion' started by SHSaeed, Nov 16, 2002.

  1. SHSaeed

    Hello,

    We've just got a new customer that has her own SSL cert. We've set up her account on a dedicated IP and all. My question is if we can use her key/cert from the old web host or do we need to generate and send her a new key?

    Thank you.
     
  2. JustinK

    The key & certificate go together so a new key would require a new certificate. You will need to use the key & cert that the customer had at their former host.
     
  3. torwill

    I did install a couple of certs transferred from my old server. If you have the "key(.key)" and "cert(.crt)" from the old server, you can put SSL back on.
     
  4. SHSaeed

    What if the customer only has the cert Thawte sent her? Will it work if I generate a Key using WHM or do we need a key from her?
     
  5. torwill

    You'll need the key from her previous host. If you generate a new key, the new key and the current cert won't match.

    If she can't get the key from her previous host, then she'll probably have to ask for a new cert.

    I don't know Thawte, but GeoTrust will re-issue a new cert if it's within 30 days of purchase.
     
  6. johndoe

    how to tell the difference...

    Hello forum members,
    I found this thread because I had almost exactly the same situation. I moved my reseller domain, which had its own GeoTrust certificate installed at the host server, to my own dedicated server. When I tried installing, through WHM, the GeoTrust certificate, it failed.

    Then I read this thread, and afterward asked the previous host of my reseller domain for the key they used for that certificate. The host, reputable (members of this forum as well) and professional in all respects, gladly obliged.

    The problem is they sent me two separate encrypted files. One is preceded with -----BEGIN RSA PRIVATE KEY----- , and the other is preceded with -----BEGIN CERTIFICATE REQUEST----- .

    Based on what I read here, I understand that I should use the "RSA PRIVATE KEY". The other file is a mystery to me, since it does not match the GeoTrust certificate I have.

    Using the "Install an SSL Certificate and Setup the Domain" feature at WHM, I am presented with three large text areas to fill in:
    1) Install A SSL Cert
    *The crt may already be on the server.
    *You can try to FETCH it or paste the entire .crt file here:
    *[ large text area for pasting of certificate here ]
    *Domain [ ]
    *User [ ]
    *IP Address [ ]
    *[ ] Check here if this ssl cert is already setup
    and this is just a replacement/update certificate.

    2) The key may already be on the server.
    *You can try to it or paste the entire .key file here:
    *[ large text area for pasting of certificate here ]

    3) Paste the ca bundle here (optional):
    *[ large text area for pasting of certificate here ]

    So I have the two encrypted files sent by the former host of the reseller domain, and the encrypted file purchased from GeoTrust. Does anyone know the procedure here? Do I need all three, and if so, where do they go in the above WHM description?

    I'm assuming that all I need to do is some pasting and clicking "Do It" here. Maybe that's a wrong assumption. Maybe I need to use the "Generate an SSL Certificate and Signing Request" WHM feature first with these files?

    Thanks.
    --john doe
     
  7. johndoe

    oh, well...

    This is what RackShack support had to say about the question of moving SSL certificates from server to server:

    "Despite GeoTrust's indication to the contrary, we do not provide support for SSL certificates. However, in general you cannot move an SSL certificate from one server to another as the encrypted key is tied to both the domain name and the IP address. You will need to purchase a new certificate.

    Eris, #844
    Rackshack Support"
     
  8. rinty

    If it is tied to the IP, that stinks......
     
  9. jamesbond

    Originally posted by rinty: "If it is tied to the IP, that stinks......"

    It is not tied to an IP, it is tied to the domain ( FQDN ) the certificate was issued for.
    As long as you have the original key and the crt file you should be able to install the cert on another server.
     
  10. johndoe

    Jamesbond... that is exactly what I was hoping someone here would say, since I have a tendency to be skeptical of negative responses from companies who would gain financially by such response.

    My certificate starts with: -----BEGIN CERTIFICATE REQUEST-----
    The host with whom this domain formerly resided was kind enough to send me 2 files, one of which they say is the key.
    One starts with: -----BEGIN RSA PRIVATE KEY-----
    The other starts with: -----BEGIN CERTIFICATE REQUEST----- (WebHost Manager stated I don't need this one).

    I tried installing my certificate on my main server, which hosts the domain in question as a reseller account. When that didn't work, I went into WHM for the domain in question and tried to install the certificate there.

    On the worst case scenario, I got this result:
    Attempting to verify your certificate.....
    Modulus mismatch, key file does not match certificate. Please use the
    correct key file
    -----------
    Key Modulus
    Modulus=C0414BD181B35B725DEDF0E15E340AE7F443EA497710F12F91F3B297A8A05870F22E
    25B731D45271D358DD0C2807C9C42CF4913E0C035C96DE75D60A42EDE7F967E80325AC3CC360
    F1E646341B4EA4B7302C0CE1CA91DA59694967A1C4F7B5A02681E26B55060F7067FB425A078A
    C3C62E643BA193DF932E47872CBCDE7B067D

    Crt Modulus
    Modulus=C8CE602774F93AB3B7F982042E28181D2A8D85B0C43F74941CDFE93AF006865A99BE
    4D5108B41B130AFF00F6D
    -----------
    On the best case scenario, WHM stated something to the effect of: "key does not match domain IP address".

    GeoTrust won't answer my question, passes the buck to their reseller, whose tech support says they are not obligated to answer the question either.

    I feel so unloved ...;)
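
The modulus comparison that WHM reports in the post above can be run by hand before anything is pasted into the form, and the BEGIN line alone tells a key, a CSR and a certificate apart. This is an added example, not part of the original thread; it assumes the openssl command-line tool and unencrypted RSA keys, and the file names and the www.example.test subject are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). File names and the subject are constructed.

# Classify a PEM file by its first BEGIN line.
pem_kind() {
    case "$(sed -n '/-----BEGIN /{p;q;}' "$1")" in
        *'BEGIN RSA PRIVATE KEY'*|*'BEGIN PRIVATE KEY'*) echo key ;;
        *'BEGIN CERTIFICATE REQUEST'*)                   echo csr ;;
        *'BEGIN CERTIFICATE'*)                           echo cert ;;
        *)                                               echo unknown ;;
    esac
}

# Print a SHA-256 digest of the RSA modulus in a key, CSR or certificate.
# Assumes an unencrypted key; fails for unknown or unparsable files.
modulus_digest() {
    case "$(pem_kind "$1")" in
        key)  cmd=rsa ;;
        csr)  cmd=req ;;
        cert) cmd=x509 ;;
        *)    return 1 ;;
    esac
    m=$(openssl "$cmd" -in "$1" -noout -modulus 2>/dev/null) || return 1
    printf '%s' "$m" | openssl dgst -sha256
}

# Succeed only when both files carry the same modulus.
same_keypair() {
    a=$(modulus_digest "$1") && b=$(modulus_digest "$2") && [ "$a" = "$b" ]
}

# Demo on throwaway material: the old key and its CSR match the certificate,
# a freshly generated key does not.
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/old.key" 2048 2>/dev/null
    openssl genrsa -out "$d/new.key" 2048 2>/dev/null
    openssl req -new -key "$d/old.key" -subj "/CN=www.example.test" \
        -out "$d/site.csr" 2>/dev/null
    openssl x509 -req -in "$d/site.csr" -signkey "$d/old.key" -days 1 \
        -out "$d/site.crt" 2>/dev/null
    for f in old.key new.key site.csr; do
        if same_keypair "$d/$f" "$d/site.crt"; then r=match; else r=MISMATCH; fi
        echo "$f ($(pem_kind "$d/$f")) vs site.crt: $r"
    done
    rm -rf "$d"
}
if command -v openssl >/dev/null 2>&1; then demo; fi
```

A file that reports `csr` is the request that was sent to the CA, not the issued certificate, so it belongs in none of the three WHM text areas.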
     
  11. johndoe

    follow up

    The former host had sent the wrong private key... when the right private key was sent, the certificate did install using the new IP with the old certificate and key.

    But https://www.domain.com turns up a "page not found". I know I read about that somewhere in this forum, so it's just a matter of a little more time, and all will be working...

    Great forum... great input from everybody...

    --johndoe
     
  12. manny


    I would like to clarify one thing.

    Upon generating a CSR the produced Cert is tied to both the Domain and the IP (or SSL Protocol).

    The reason you can transfer your Cert from IP to IP (yes you can!) is that in most cases you are securing a domain (ex. https://www.domain.com) not an IP (ex. https://345.125.145).

    If you are planning to secure an IP (some affiliate store companies like to do this to not reveal their identity to their resellers' clients) make sure you have a dedicated IP first, before generating the CSR! Otherwise how will a Certificate generating company know which IP you want to secure?
