The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

same ssh cert on 2 different cpanel servers

Discussion in 'Security' started by zombo, Feb 16, 2013.

  1. zombo

    zombo Active Member

    Joined:
    Jan 28, 2004
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Austria
    I am owning an using ssl certs on my main cpanel server. I have the userfiles mirrored to a second cpanel server in a different IP location.
    AS far as I know, since operating system, cpanel, apache etc are same on both virtual servers my SSL cert(s) should work on both servers.
    Some time ago the cert files used to reside in /usr/share/ssl/certs and /usr/share/ssl/private, however there are no such files anymore.

    :confused: Could anyone please drop me a hint where the relevant files are now that I can copy them to the correct location on my secondary cpanel server?
     
  2. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    Look in /etc/ssl
     
  3. zombo

    zombo Active Member

    Joined:
    Jan 28, 2004
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Austria
    Thanks quietFinn. - Unfortunately simple coyping the .key and .crt files do not do the Job. the copied certs show the wrong IP numbers. I guess I have to ask the cert issueing company for a reissue of the certs with a new csr, which makes me somhow nervous.
     
  4. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    You say that "I have the userfiles mirrored to a second cpanel server".
    Do you mean that you have copied the files, but not actually transferred the accounts?
    Because if you copy the account(s) in WHM-> Transfers-> Copy an Account From Another Server the SSL certificate is copied also.
     
  5. zombo

    zombo Active Member

    Joined:
    Jan 28, 2004
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Austria
    I do a daily rsync of the whole /home directory from my primary to the secondary server. A DNS failover directs visitors to the secondary in case of outages. That works quite fine (I do not care about mail services at this time, I only want the web content to stay accessable during server outages).

    This way the complete cpanel accounts are copied (rsync'd). I checked the /home/[useracct]/ssl/certs and /home/[useracct]/ssl/private files and they are identical as they should be.

    Your hint did help a little. However, as I call the respective website per browser, primary and secondary work fine despite of the ssl funktion. The primary does as is should (SSL exiry in 2014) while the copied secondary displays an expired cert (SSL expiry in 2010) which I understand since the cert was renewed in 2010 and in 2012 - but why do the copied files not produce the same result than the source?? - Are cert and private key files stored in another place that I did not copy? Can it be a cache problem? Why does the browser use the old and expired cert although the ssl cert and private userfiles are identical?
     
Loading...

Share This Page