Ask a Question

Solution ID : SO7447

Last Modified : 05/02/2018

Move certificate from Apache to Apache

Problem

Move Certificate
Move Certificate and Private Key from one Apache server to another Apache server
Move Certificate from Apache to Apache
Move Certificate and Private Key from one Unix server to another Unix server

Solution

In some situations, you may need to export the server certificate. For example:

  • You are moving the certificate to a new host. In this case, you export the files from the current host and import them into the new host.
  • You are creating a backup copy of your certificate (in case anything happens to the host). Thawte strongly recommends that you create and securely store a backup copy (for example, on a diskette or CD).

To move (export) the certificate to another host, you move both the public certificate that you received from Thawte and the Private Key that was created on the server while you were generating the CSR (certificate signing request).  To move a certificate from Apache to Apache, follow these steps:

Step 1: Determine the location of the private key and certificate files.

  1. Look in the httpd.config file for the following directives because they point to the location of the key and certificate files:

    SSLCertificateFile .../path/to/mycertfile.crt
    SSLCertificateKeyFile .../path/to/mykeyfile.key
    SSLCertificateChainFile or SSLCACertificateFile /etc/ssl/crt/ca_bundle.crt

    Note: Certain Apache server, utilizes the SSLCACertificateFile as SSL directive for Intermediate CA.
     
  2. After locating the key and certificate location, copy the files from the original server to the httpd.conf file of the target server.
     
  3. Set the above-listed directives to point to the new locations of the .crt and .key files:

Ensure that the SSLCertificateFile directive points to the *.crt file.
Ensure that the SSLCeritificateKeyFile directive points to the *.key file.
​Ensure that the SSLCertificateChainFile or SSLCACertificateFile directive points to the *.crt file (Intermediate CA bundle).

 

Step 2: Export (back up) the certificate.

Copy the .key file, both .crt file for SSL and Intermediate CA and the httpd.conf file to a diskette or CD.
 

Step 3Import the certificate.

  1. On the target host, copy the .key file and both .crt file for SSL and Intermediate CA from the diskette or CD to the appropriate directory. 
     
  2. Edit the virtual host section of the httpd.conf file so that the SSLCertificateFile / SSLCertificateChainFile or SSLCACertificateFile directive points to the .crt file and the SSLCertificateKeyFile directive points to the .key file. You can use the virtual host section of the httpd.conf file on the diskette or CD as a guide.

    SSLCertificateFile .../path/to/mycertfile.crt
    SSLCertificateKeyFile .../path/to/mykeyfile.key
    SSLCertificateChainFile or SSLCACertificateFile /etc/ssl/crt/ca_bundle.crt