[CentOS] Export/Import wild card SSL

Wed Oct 24 08:44:23 UTC 2012
Tony Mountifield <tony at softins.co.uk>

In article <0DFC5E1E-DFC7-4F90-A79E-B3CFB341CAF2 at gmail.com>,
aurfalien <aurfalien at gmail.com> wrote:
> On Oct 23, 2012, at 3:19 PM, John R Pierce wrote:
> > On 10/23/12 3:09 PM, aurfalien wrote:
> >> I don't see any ref to the server's name that it's running on.
> > 
> > the subject, and subject alternative names.
> BTW, sorry for the misinformation, but my certificate files are actually:
> commercial.csr and commercial.key
> Sorry for the misinformation.
> The CA files are self-signed files of some kind and not my actual used cert files.

Hi Aurf,

Since you have an existing working server, you have a good starting point.
As the certificates are wildcard for *.domain.com (for example), you can
use them unchanged on any server that has a name within domain.com.

Firstly you need to copy the certificate, the private key and any intermediate
certificate bundle (such as gd_bundle.crt) from the old server to the new one.
On CentOS5, the certificate and bundle go in /etc/pki/tls/certs, and the key
goes in /etc/pki/tls/private. On CentOS4, the directories were actually
/etc/httpd/conf/ssl.crt and /etc/httpd/conf/ssl.key respectively.

Then you also need to update the Apache configuration to use the certificates.
This will either be in /etc/httpd/conf.d/ssl.conf (most likely), or else in
/etc/httpd/conf/httpd.conf itself. Just search for the certificate, key and
bundle filenames to find the relevant directives and edit the matching file
on the new server to include the same directives. They will probably look
something like this:

SSLCertificateFile /etc/pki/tls/certs/commercial.crt
SSLCertificateKeyFile /etc/pki/tls/private/commercial.key
SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt

By the way, in your posting above, you said commercial.csr - this would be the
original Certificate Signing Request. You need the actual signed certificate,
which would be in commercial.crt.

But in any case, look for those SSLCertificate directives and they will point
you to the actual files that need copying over.

Hope this helps!


Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org
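
The check described in the message above, as an added example that is not part of the original post: these shell functions list the files named by the SSLCertificate* directives and use each file's PEM header to catch a CSR sitting where the signed certificate belongs, plus a private key readable by group or other. The function names and the optional root-prefix argument are assumptions made for this example.

```shell
# List the files named by the SSLCertificate* directives in an Apache config
# and check each by its PEM header. Usage: check_ssl_conf /etc/httpd/conf.d/ssl.conf

# Print "Directive path" for every active (uncommented) SSLCertificate* line.
ssl_files() {
    awk '$1 ~ /^SSLCertificate(File|KeyFile|ChainFile)$/ {
             gsub(/"/, "", $2); print $1, $2 }' "$1"
}

# Classify a PEM file by its first BEGIN line: csr, key, cert or unknown.
pem_kind() {
    case "$(grep -m1 -e '^-----BEGIN ' "$1" 2>/dev/null)" in
        *'CERTIFICATE REQUEST-----') echo csr ;;
        *'PRIVATE KEY-----')         echo key ;;
        *'CERTIFICATE-----')         echo cert ;;
        *)                           echo unknown ;;
    esac
}

# Check every referenced file; returns non-zero if anything is wrong.
# $2 (hypothetical, optional) is a root prefix so a staged copy can be checked.
check_ssl_conf() {
    conf=$1; root=${2:-}; rc=0
    while read -r directive path; do
        [ -n "$directive" ] || continue
        case $directive in
            SSLCertificateKeyFile) want=key ;;
            *)                     want=cert ;;
        esac
        if [ ! -f "$root$path" ]; then
            echo "MISSING  $directive $path"; rc=1; continue
        fi
        got=$(pem_kind "$root$path")
        if [ "$got" != "$want" ]; then
            echo "WRONG    $directive $path (is $got, expected $want)"; rc=1
        elif [ "$want" = key ] &&
             [ "$(ls -ld "$root$path" | cut -c5-10)" != "------" ]; then
            echo "PERMS    $directive $path (accessible to group/other)"; rc=1
        else
            echo "OK       $directive $path"
        fi
    done <<EOF
$(ssl_files "$conf")
EOF
    return $rc
}
```

It checks file type and key permissions only; it does not confirm that the key matches the certificate.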