How to Move or Copy an SSL Certificate from one Server to Another

Do you have multiple servers that need to use the same SSL certificate? This is very common in an environment where a load-balancer is used to share the load of a website across several different servers. This is also becoming more common as wildcard certificates and UC SSL certificates increase in popularity because they enable a single certificate to work on multiple different domains or subdomains using SSL Host Headers.

What about when you set up a new server or switch hosting companies? How do you move the current SSL certificate to the new server? What if you need to move it to a different type of server? The answers to all of those questions are contained in the following pages. Essentially, you will export SSL certificates from the server that they are currently installed on, move SSL certificates to the new server, and then import SSL certificates on the new server.

Keep in mind that many certificate authorities require that you purchase a "server license" for each server that you install an SSL certificate on, even if it uses the same private key. And speaking of private keys, it is slightly less secure to copy the SSL certificate and use the same private key on a different server. If an attacker breaks into one server and gets the private key, the attacker will be able to listen in on the connections that the other servers using that key are making.

We will assume that you have already successfully installed the SSL certificate on one web server. You will follow these steps to move or copy that working certificate to a new server:

  1. Export the SSL certificate from the server with the private key and any intermediate certificates.
  2. Convert the certificate to a different format if you are putting it on a different type of server.
  3. Import the SSL certificates and private key on the new server and configure your sites to use them.
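The three steps above, sketched with the OpenSSL command-line tool as an added example that is not part of the original article. It assumes a passphrase-protected PKCS#12 bundle as the transfer format and PEM files on the destination; the file names, common name and passphrase are constructed for the demo.

```sh
#!/bin/sh
# Added example: carry a certificate and key through a PKCS#12 bundle and
# verify the pair before installing it on the new server.

# Public key (PEM) embedded in a certificate / derived from a private key.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pubkey()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Succeeds only when both files parse and carry the same public key.
cert_matches_key() {
    c=$(cert_pubkey "$1") && k=$(key_pubkey "$2") && [ -n "$c" ] && [ "$c" = "$k" ]
}

# Step 1: export cert + key into an encrypted bundle (add -certfile chain.pem
# to include intermediates). Step 2: convert the bundle back to PEM files.
# Step 3 precondition: refuse a pair that does not match.
move_certificate() {
    src_cert=$1; src_key=$2; bundle=$3; dst_cert=$4; dst_key=$5
    export PFX_PASS="$6"   # passphrase goes via the environment, not argv
    umask 077              # bundle and key readable by the owner only
    openssl pkcs12 -export -in "$src_cert" -inkey "$src_key" \
        -out "$bundle" -passout env:PFX_PASS || return 1
    openssl pkcs12 -in "$bundle" -passin env:PFX_PASS -nokeys -clcerts \
        -out "$dst_cert" 2>/dev/null || return 1
    openssl pkcs12 -in "$bundle" -passin env:PFX_PASS -nocerts -nodes \
        -out "$dst_key" 2>/dev/null || return 1
    cert_matches_key "$dst_cert" "$dst_key"
}

# Demo on a throwaway self-signed certificate (constructed sample input).
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$dir/old.key" -out "$dir/old.crt" 2>/dev/null || return 1
    move_certificate "$dir/old.crt" "$dir/old.key" "$dir/bundle.pfx" \
        "$dir/new.crt" "$dir/new.key" "constructed-passphrase"
    rc=$?
    rm -rf "$dir"          # the bundle and extracted key are key material
    return $rc
}

demo && echo "certificate and key still match after the move"
```

Delete the bundle and any unencrypted key copies from transfer locations once the import is done, since each copy is another place the private key can be stolen from.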

Now on to the instructions. What would you like to do?

 

Originally posted on Sun Nov 9, 2008

Comments (1)

  1. Prasad Moharil:
    May 01, 2013 at 10:13 PM

    Hi Team, we are migrating our application to new Servers (2). We have decided to buy 2 server licenses to be installed on two servers. But the Domain name for the certificate will remain the same (www.dslchecker.bt.com). Now we have the following queries: 1. Will there be any change in private keys? 2. If so, does the Client also need to certificate on their server? 3. We are doing phase-wise deployment: in the first week we will introduce one new site with the new certificate and the existing site with the old certificate pointing to the same DNS (Domain name remains the same). In the second week we will remove the existing site and make both new sites live. 4. In step 3, will there be any impact on the Client (Customer)?




