Solved! The new certificate was issued with a new private key but I did not receive info about that.
I have now received both the crt and the private key and apache is up and running again. Thanks -----Original Message----- From: Rainer M. Canavan [mailto:rainer.cana...@sevenval.com] Sent: 25. oktober 2013 13:57 To: users@httpd.apache.org Subject: Re: [users@httpd] Trouble installing renewed SSL certificate On Oct 25, 2013, at 13:25 , Øyvind Lode <oyv...@lode.is> wrote: > Hi Harald. > > No. > > I just received the new certificate from Comodo. > > I assume they used the original csr file which I have stored somewhere > :) > > I thought I documented what I did to set up the cert but can't for the life > of me find it now. If the same csr was used, it should be sufficient to replace the .crt. > So I probably just need to create a new private key but memory does > not serve me well right now haha > > I'm starting to believe that receiving a renewed cert is actually like > receiving a cert in the first place and should be installed like a completely > new cert. > If you know of a good article on how to install a ssl cert including creating > a new private key and ca-bundle please let me know. A certificate is linked to the specific private key it was created for. The modulus of that key was stored in the CSR that was used to generate the certificate. You need to find the correct key, since you won't be able to generate a matching one. You can check the modulus of the key, csr and certificate with openssl: openssl x509 -noout -modulus -in certificate.crt openssl rsa -noout -modulus -in private.key openssl req -noout -modulus -in csr.csr You probably should check the certificate as well, especially the CN of the Subject, e.g. with openssl x509 -noout -text -in certificate.crt rainer --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
