• Register

How do I move certificates between 2 linux servers?

0 votes
I'm looking to move a certificate from one Ubuntu server to another Ubuntu server? I'm running Apache. Are there any instructions out there to help me?
asked Jan 26, 2015 in SSL Certificates by bobbyjoe (160 points)

1 Answer

0 votes

Thanks for using SSL.com for your website security needs. We're happy to help you migrate your certificate to a new server. There are two options that you can use to move the certificate. If you plan on using both servers, simultaneously, then I suggest simply creating a private key and CSR on the new server and then reissuing the certificate with the new CSR.  Then, you can install the reissued certificate on the newer server.  So long as you don't change the website name that is being protected, the previous certificate will not be invalidated.  Of the two methods, this is the preferred method since the two private keys means separate security for the two servers.  Also, since you may reissue the certificate an unlimited number of times over the life of the certificate for free, there is no problem in providing maximum security for all of your servers.


The second method of securing the new server is to migrate the certificate from the older server to the newer server(s).  This method is likely the easiest as it doesn't involve additional validation processes, like the aforementioned method.  However there is a security risk in copying the private key from one server to another in that in the unlikely event that your certificate is hacked, then all servers using that private key will also be at risk.  That being said, in order to copy the certificate from one server to another, you will need to move the private key, the public key, and the certificate chain.


To do this, please copy the certificate files and transfer them to the new server.  If you are unsure of the path of the files, you can grep the information from the apache configuration file.  The exact location of your apache configuration file will be dependent on your particular setup, but for the following code example we will pretend that the configuration file is located at /etc/apache2/sites-enabled/website.conf.  Be sure to replace  the pretend path in italics and use one that matches your setup.


grep SSLCertificate /etc/apache2/sites-enabled/website.conf


The results of the command should be three lines, each giving the path to either the SSLCertificateFile, the SSLCertificateKeyFile, or the SSLCertificateChainFile.   Make a note of the file paths and copy and move those three files to the new server.  Update the website's apache configuration file on the new server to enable SSL and update the certificate file paths, and you should be good to go.


answered Jan 27, 2015 by TomZ. (1,090 points)

Related questions