[Talk] moving ssl site to new box/IP

Danny Rathjens talk@flux.org
Tue, 14 Nov 2006 13:28:38 -0500


You are right, and that is documented in many places. :)

Larry Kagan wrote:
> Also on this note.  I've always wondered why it was required to have a
> separate IP for each domain that needs ssl instead of using name-based
> virtual hosting.  
> 
> I've never seen this documented anywhere but I assume it's because name
> based virtual hosting is based on HTTP 1.1 where a 'host' header is sent
> to the server.  If the header is encrypted before transmission and certs
> are different for each virtual host, there is no way the server process
> knows which host to ask for the cert to decrypt it .... so it could know
> which host to send the request to.  Kind of a catch 22.
> 
> Am I right about this?  Any thoughts?
> 
> Larry
> 
> On Tue, 2006-11-14 at 11:29 -0500, Carl C. wrote:
>> ----- Original Message ----- 
>>> From: Larry Kagan 
>>>
>>> I'm moving an ssl web site to another machine with another IP.  Do I
>>> need to bother getting another cert?  I can't think of a reason why I
>>> would but maybe one of you can.
>> Assuming apache and openssl, check in your httpd.conf file, you will
>> see you use:
>>
>>         SSLCertificateFile    /path/to/file/something.crt
>>         SSLCertificateKeyFile    /path/to/file/something.key
>>
>> something.crt  <= crt file 
>> something.key <= key file used to create the crt file.
>>
>> Those are required to move the SSL cert to a new server. IP address does
>> not matter, just those 2 files...
>>
>> Now, the trick is to go find the .csr file that was used to create your .crt file,
>> why? Because when you go to renew, you will need the .csr file and if you
>> use the old one, it's much faster/easier to renew.
>>
>> If needed, contact me off list, I sell SSL certs.
>> Carl
>> http://www.carlc.com/
>> _______________________________________________
>> Talk mailing list
>> Talk@flux.org
>> http://www.flux.org/mailman/listinfo/talk
>
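
A check to run on the new box after copying over the two files Carl names: confirm that the certificate (and the CSR, if it turns up) carries the same public key as the private key. This is an added example, not part of the thread; the function names and the throwaway `example.test` sample files are assumptions constructed here.

```shell
#!/bin/sh
# Added example: verify that a .crt (and optionally a .csr) belongs to a .key.
# Usage (script name is hypothetical): sh check_pair.sh site.crt site.key [site.csr]

# Print the PEM-encoded public key carried by each kind of file.
cert_pubkey() { openssl x509 -noout -pubkey -in "$1" 2>/dev/null; }
key_pubkey()  { openssl pkey -pubout -in "$1" 2>/dev/null; }
csr_pubkey()  { openssl req -noout -pubkey -in "$1" 2>/dev/null; }

# pair_matches CRT KEY [CSR]
# Returns 0 if every file carries the same public key, 1 on a mismatch,
# 2 if a file is missing or cannot be parsed.
pair_matches() {
    k=$(key_pubkey "$2") || return 2
    c=$(cert_pubkey "$1") || return 2
    [ -n "$k" ] && [ "$c" = "$k" ] || return 1
    if [ -n "$3" ]; then
        r=$(csr_pubkey "$3") || return 2
        [ "$r" = "$k" ] || return 1
    fi
    return 0
}

# make_sample DIR NAME
# Constructed sample data: a throwaway key, CSR and self-signed certificate,
# so the check can be tried without touching the real site files.
make_sample() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 1 \
        -out "$1/$2.crt" 2>/dev/null
}

# When called with file arguments, report the result for those files.
if [ "$#" -ge 2 ]; then
    if pair_matches "$@"; then
        echo "OK: certificate and key match"
    else
        echo "FAIL: files do not share one public key"
    fi
fi
```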