Using Pre-Existing Keys And Certificates - Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE Manual
Hide thumbs
Also See for LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE:
- Manual (206 pages) ,
- Reference manual (337 pages)
Table of Contents
Advertisement
Section 15.4:Using Pre-Existing Keys and Certificates
15.4 Using Pre-Existing Keys and Certificates
If you already have an existing key and certificate (for example, if you are installing the secure Web
server to replace another company's secure Web server product), you will probably be able to use your
existing key and certificate with the secure Web server. In the following two situations, you will not
be able to use your existing key and certificate:
•
If you are changing your IP address or domain name — You can not use your old key and certifi-
cate if you are changing your IP address or domain name. Certificates are issued for a particular
IP address and domain name pair. You will need to get a new certificate if you are changing your
IP address or domain name.
•
If you have a certificate from VeriSign and you are changing your server software — VeriSign is a
widely used CA. If you already have a VeriSign certificate for another purpose, you may have been
considering using your existing VeriSign certificate with your new secure Web server. However,
you will not be allowed to, because VeriSign issues certificates for one particular server software
and IP address/domain name combination.
If you change either of those parameters (for example, if you previously used another secure Web
server product and now you want to use the secure Web server), the VeriSign certificate you ob-
tained to use with the previous configuration will not work with the new configuration. You will
need to obtain a new certificate.
If you have an existing key and certificate that you can use, you will not have to generate a new key
and obtain a new certificate. However, you may need to move and rename the files which contain your
key and certificate.
Move your existing key file to:
/etc/httpd/conf/ssl.key/server.key
Move your existing certificate file to:
/etc/httpd/conf/ssl.crt/server.crt
After you have moved your key and certificate, skip to Section 15.9, Testing Your Certificate.
If you are upgrading from the Red Hat Secure Web Server versions 1.0 and 2.0, your old key
(httpsd.key) and certificate (httpsd.crt) will be located in /etc/httpd/conf/. You will
need to move and rename your key and certificate, so that the secure Web server can use them. Use
the following two commands to move and rename your key and certificate files:
mv /etc/httpd/conf/httpsd.key /etc/httpd/conf/ssl.key/server.key
mv /etc/httpd/conf/httpsd.crt /etc/httpd/conf/ssl.crt/server.crt
Then start your secure Web server with the command:
161
Advertisement
Table of Contents
Need help?
Do you have a question about the LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE and is the answer not in the manual?
Questions and answers