transferring an SSL certificate to new server

on 17.11.2005 19:37:04 by news

Our old server, a RedHat ES2 with Apache 1.3.27 was compromised and
we're migrating to a new box with RH ES4 and Apache 2.0.52.

It's a safe assumption that I can't just copy over the ssl.crt/ and
ssl.key/ files from one to the other machine, right?
(Actually, I tried it already. And yeah, it gives the same default info
when you view the cert through the browser.)

I have an O'Reilly book on Apache that explains how to create a new
cert setup, but I was wondering if there's any way to nice and easily
transfer the key from one server to the other?

If there's a RTFM directive on transferring, please let me know what FM
I need to read and I will gladly do so! =)

Thanks for any feedback
Liam

Re: transferring an SSL certificate to new server

on 17.11.2005 19:42:08 by unknown

Post removed (X-No-Archive: yes)

Re: transferring an SSL certificate to new server

on 17.11.2005 20:20:48 by news

Davide Bianchi wrote:
> On 2005-11-17, news@celticbear.com wrote:
> > It's a safe assumption that I can't just copy over the ssl.crt/ and
> > ssl.key/ files from one to the other machine, right?
>
> Theoretically, you could. If you want to be sure that they work, use
> openssl to verify the certificate and the key on the destination machine.
>
> Davide
>
Thanks for the reply!
But, I tried that, actually. I copied the contents of the two folders
over, same permissions, and restarted httpd. And when I visit the https
of the site, I get localhost info in the cert, not the old, right cert
info.
I did "man openssl" and I have to be honest, I'm not sure how to use it
to verify the cert and key. I'm going to keep reading about it though.
Thanks for the feedback!
-Liam

Re: transferring an SSL certificate to new server

on 17.11.2005 20:34:29 by unknown

Post removed (X-No-Archive: yes)

Re: transferring an SSL certificate to new server

on 17.11.2005 21:03:48 by news

Davide Bianchi wrote:
> On 2005-11-17, news@celticbear.com wrote:
> > But, I tried that, actually. I copied the contents of the two folders
> > over, same permissions, and restarted httpd.
>
> Yes, but did you check that your httpd is using _those_ certificates
> instead of its own defaults?
>
> > I did "man openssl" and I have to be honest, I'm not sure how to use it
> > to verify the cert and key.
>
> openssl verify /where/is/your/certificate
>
Ah. Well, it shows it's expired, but I knew that. =(
I found my problem though. Don't know how it's working.
On the old server the httpd.conf is pointing to blah/ssl.crt/server.crt
and blah/ssl.key/serker.key. While expired, the cert info through the
browser shows the right info.
I copied those exact files over to the new server and placed them where
ssl.conf points, and I get the default localhost info.
BUT, if I use servername.com.crt and servername.com.key located in the
older server, the new server shows the right (if expired) info just
fine.

Weird because I see nothing in httpd.conf that points to those files.

*shrug*
Thanks for the tip! It got me in the right direction!
Liam

Re: transferring an SSL certificate to new server

on 17.11.2005 21:07:14 by unknown

Post removed (X-No-Archive: yes)

Re: transferring an SSL certificate to new server

on 18.11.2005 03:34:52 by Nico Kadel-Garcia

wrote in message
news:1132252624.143889.5920@g49g2000cwa.googlegroups.com...
> Our old server, a RedHat ES2 with Apache 1.3.27 was compromised and
> we're migrating to a new box with RH ES4 and Apache 2.0.52.
>
> It's a safe assumption that I can't just copy over the ssl.crt/ and
> ssl.key/ files from one to the other machine, right?
> (Actually, I tried it already. And yeah, it gives the same default info
> when you view the cert through the browser.)

If the box was compromised, you should throw them out. If you really feel
the need to use the old ones, you can use them on the new box as long as
they're on the same hostname. May I suggest reading the manpages for the
openssl software, and the documentation on www.openssl.org?
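
The check the thread keeps circling, as an added example that is not from any of the posters: `openssl verify` only tests the trust chain and validity dates, so this script also confirms that a copied certificate and private key belong together and prints the subject, which is how a default localhost certificate is told apart from the real one. The file names and the `www.example.com` hostname are constructed sample values, and the keys are assumed to be unencrypted.

```sh
#!/bin/sh
# Added example. Sample files and the hostname below are constructed.

# check_pair CERT KEY
# Returns 0: key matches cert and cert is in date
#         1: key does not belong to cert
#         2: key matches, but the cert has expired
#         3: cert or key could not be read
check_pair() {
    cert=$1
    key=$2
    # Public key embedded in the certificate (PEM SubjectPublicKeyInfo).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate: $cert"; return 3; }
    # Public key derived from the private key, in the same PEM form.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot read private key: $key"; return 3; }
    # Who the cert is for, when it ends, and a fingerprint to compare
    # with what the browser shows on the old server.
    openssl x509 -in "$cert" -noout -subject -enddate -fingerprint -sha256
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $key is not the key for $cert"
        return 1
    fi
    # -checkend 0 exits non-zero when the cert is already past notAfter.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "MATCH, but the certificate has expired"
        return 2
    fi
    echo "MATCH"
    return 0
}

# Constructed sample data: two throwaway self-signed pairs in a temp dir.
make_samples() {
    SAMPLES=$(mktemp -d)
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=www.example.com" \
            -keyout "$SAMPLES/$n.key" -out "$SAMPLES/$n.crt" 2>/dev/null
    done
}

make_samples
check_pair "$SAMPLES/a.crt" "$SAMPLES/a.key" || echo "rc=$?"
check_pair "$SAMPLES/a.crt" "$SAMPLES/b.key" || echo "rc=$?"
```

On a real server, run `check_pair` against the exact paths named by `SSLCertificateFile` and `SSLCertificateKeyFile` in the configuration httpd actually loads.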