Refreshing renewed SSL certificate

Refreshing renewed SSL certificate

am 09.09.2009 16:54:23 von Andy Hawkins

Hi,

I renewed an SSL certificate today, and replaced the server's .crt file (the
one pointed to by the 'SSLCertificateFile' parameter in the server's
config). However, when I restarted the server (apachectl restart, server is
v1.3.34) requests to the server still seemed to return the original
certificate.

I got around this by rebooting the server, but this seems a little drastic!

Can anyone tell me what I need to do to get new certificates recognised?

Thanks

Andy


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Refreshing renewed SSL certificate

am 09.09.2009 17:50:37 von Justin Pasher

Andy Hawkins wrote:
> Hi,
>
> I renewed an SSL certificate today, and replaced the server's .crt file (the
> one pointed to by the 'SSLCertificateFile' parameter in the server's
> config). However, when I restarted the server (apachectl restart, server is
> v1.3.34) requests to the server still seemed to return the original
> certificate.
>
> I got around this by rebooting the server, but this seems a little drastic!
>
> Can anyone tell me what I need to do to get new certificates recognised?
>

FWIW, in my experience, installing or changing an SSL cert on an Apache
1 server requires a stop and start (restart/reload won't work). Now
this is using apache-ssl (as opposed to mod_ssl), but it sounds the same
for your situation.

Perhaps it has to due with apache no longer having root permissions
after it has started (I believe a restart just sends a SIGHUP to the
process), and it wants to reload both the cert and private key (private
keys SHOULD only be readable by root, if secured properly). This is all
speculation on my part though.


--
Justin Pasher

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Refreshing renewed SSL certificate

am 10.09.2009 18:20:49 von Andy Hawkins

Hi,

In article <4AA7CECD.9020302@newmediagateway.com>,
Justin Pasher wrote:
> FWIW, in my experience, installing or changing an SSL cert on an Apache
> 1 server requires a stop and start (restart/reload won't work). Now
> this is using apache-ssl (as opposed to mod_ssl), but it sounds the same
> for your situation.

Ah ok, that might explain it. I'll try to remember to do a full stop / start
next time.

Andy


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org