[Talk] moving ssl site to new box/IP

Larry Kagan talk@flux.org
Tue, 14 Nov 2006 14:25:59 -0500


Thanks.  I'm sure it's documented.  I just haven't come across it yet.

On Tue, 2006-11-14 at 13:28 -0500, Danny Rathjens wrote:
> You are right, and that is documented in many places. :)
> 
> Larry Kagan wrote:
> > Also on this note.  I've always wondered why it was required to have a
> > separate IP for each domain that needs ssl instead of using name-based
> > virtual hosting.  
> > 
> > I've never seen this documented anywhere but I assume it's because name
> > based virtual hosting is based on HTTP 1.1 where a 'host' header is sent
> > to the server.  If the header is encrypted before transmission and certs
> > are different for each virtual host, there is no way the server process
> > knows which host to ask for the cert to decrypt it .... so it could know
> > which host to send the request to.  Kind of a catch 22.
> > 
> > Am I right about this?  Any thoughts?
> > 
> > Larry
> > 
> > On Tue, 2006-11-14 at 11:29 -0500, Carl C. wrote:
> >> ----- Original Message ----- 
> >>> From: Larry Kagan 
> >>>
> >>> I'm moving an ssl web site to another machine with another IP.  Do I
> >>> need to bother getting another cert?  I can't think of a reason why I
> >>> would but maybe one of you can.
> >> Assuming apache and openssl, check in your httpd.conf file, you will
> >> see you use:
> >>
> >>         SSLCertificateFile    /path/to/file/something.crt
> >>         SSLCertificateKeyFile    /path/to/file/something.key
> >>
> >> something.crt  <= crt file 
> >> something.key <= key file used to create the crt file.
> >>
> >> Those are required to move the SSL cert to a new server. IP address does
> >> not matter, just those 2 files...
> >>
> >> Now, the trick is to go find the .csr file that was used to create your .crt file,
> >> why? Because when you go to renew, you will need the .csr file and if you
> >> use the old one, it's much faster/easier to renew.
> >>
> >> If needed, contact me off list, I sell SSL certs.
> >> Carl
> >> http://www.carlc.com/
> >> _______________________________________________
> >> Talk mailing list
> >> Talk@flux.org
> >> http://www.flux.org/mailman/listinfo/talk
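
A check worth running on the new box after copying the two files named in the thread, as an added example that is not part of the original messages: it confirms the certificate and key still belong together and that the key file grants nothing to group or other. The host name and the throwaway self-signed pair are constructed for the demonstration; the file names follow the ones in the post.

```shell
#!/bin/sh
# Added example (not from the thread). Host name and key material are constructed.

# Succeeds when the certificate's public key equals the one derived from the key file.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the key file grants no permissions to group or other.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints the certificate subject: it names a host, not an IP address.
cert_subject() {
    openssl x509 -in "$1" -noout -subject
}

# Constructed sample: a throwaway self-signed pair plus an unrelated key.
make_sample() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.example.test" \
        -keyout "$dir/something.key" -out "$dir/something.crt" 2>/dev/null
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null
    chmod 600 "$dir/something.key"
    chmod 644 "$dir/other.key"
}

tmp=$(mktemp -d)
make_sample "$tmp"
cert_subject "$tmp/something.crt"
cert_matches_key "$tmp/something.crt" "$tmp/something.key" && echo "pair matches"
cert_matches_key "$tmp/something.crt" "$tmp/other.key" || echo "other.key does not match"
key_is_private "$tmp/something.key" && echo "key permissions ok"
```

On a real server, point the functions at the paths given to `SSLCertificateFile` and `SSLCertificateKeyFile` before restarting the web server.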