Using Pre-Existing Keys and Certificates


If you already have an existing key and certificate (for example, if you are installing the secure Web server to replace another company’s secure Web server product), you will probably be able to use your existing key and certificate with the secure Web server. In the following two situations, you will not be able to use your existing key and certificate:

  • If you are changing your IP address or domain name. Certificates are issued for a particular IP address and domain name pair, so you cannot use your old key and certificate, and you will need to get a new certificate.

  • If you have a certificate from VeriSign and you are changing your server software. VeriSign is a widely used CA. If you already have a VeriSign certificate for another purpose, you may have considered using your existing VeriSign certificate with your new secure Web server. However, you will not be allowed to, because VeriSign issues certificates for one particular server software and IP address/domain name combination. If you change either of those parameters (for example, if you previously used another secure Web server product and now you want to use the secure Web server), the VeriSign certificate you obtained to use with the previous configuration will not work with the new configuration. You will need to obtain a new certificate.

If you have an existing key and certificate that you can use, you will not have to generate a new key and obtain a new certificate. However, you may need to move and rename the files that contain your key and certificate. Move your existing key file to:

/etc/httpd/conf/ssl.key/server.key

Move your existing certificate file to:

/etc/httpd/conf/ssl.crt/server.crt

After you have moved your key and certificate, skip to the section “Testing Your Certificate.”

If you are upgrading from Red Hat Secure Web Server version 1.0 or 2.0, your old key (httpsd.key) and certificate (httpsd.crt) will be located in /etc/httpd/conf/. You will need to move and rename your key and certificate so that the secure Web server can use them. Use the following two commands to move and rename your key and certificate files:

mv /etc/httpd/conf/httpsd.key /etc/httpd/conf/ssl.key/server.key
mv /etc/httpd/conf/httpsd.crt /etc/httpd/conf/ssl.crt/server.crt

Then start your secure Web server with the command:

/sbin/service httpd start

For a secure server, you will be prompted to enter your password. After you type it and press Enter, the server will start. You should not need to get a new certificate if you are upgrading from a previous version of the secure Web server.
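
Before a pre-existing pair is put into place (either from another product or from the httpsd.key/httpsd.crt upgrade path), it is worth confirming that the certificate was issued for that key and that the installed key is readable only by its owner. The script below is an added example, not part of the original guide; the function names and the optional third argument (an alternate configuration directory for trial runs) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): verify that a key and certificate
# belong together, then copy them to the paths the secure Web server uses.

# Return 0 if the certificate's public key equals the one derived from the
# private key, 1 on mismatch, 2 if either file cannot be parsed.
# An encrypted key makes openssl prompt for its passphrase on the terminal.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || {
        echo "cannot read private key: $1" >&2; return 2; }
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $2" >&2; return 2; }
    [ "$key_pub" = "$crt_pub" ]
}

# Copy the pair into <conf_dir>/ssl.key/server.key and
# <conf_dir>/ssl.crt/server.crt. conf_dir defaults to /etc/httpd/conf (the
# location given in the guide); the third argument is a hypothetical
# override so the function can be tried on a scratch directory.
install_pair() {
    conf_dir=${3:-/etc/httpd/conf}
    key_matches_cert "$1" "$2" || {
        echo "refusing to install: key and certificate do not match" >&2
        return 1; }
    mkdir -p "$conf_dir/ssl.key" "$conf_dir/ssl.crt" || return 1
    # Create the key copy under a restrictive umask so it is never
    # group- or world-readable, then pin the mode explicitly.
    ( umask 077; cp "$1" "$conf_dir/ssl.key/server.key" ) || return 1
    chmod 600 "$conf_dir/ssl.key/server.key" || return 1
    # The certificate is public data and may be world-readable.
    cp "$2" "$conf_dir/ssl.crt/server.crt" &&
        chmod 644 "$conf_dir/ssl.crt/server.crt"
}

# Stand-alone use: sh install_pair.sh old.key old.crt [conf_dir]
if [ "$#" -ge 2 ]; then
    install_pair "$@"
fi
```

The script copies rather than moves, so the original files remain in place until the server has been started and tested with the new locations.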




Official Red Hat Linux Administrator's Guide
ISBN: 0764516957
EAN: 2147483647
Year: 2002
Pages: 278
Authors: Red Hat Inc
