How to Move or Copy an SSL Certificate from one Server to Another

Do you have multiple servers that need to use the same SSL certificate? This is very common in an environment where a load-balancer is used to share the load of a website across several different servers. This is also becoming more common as wildcard certificates and UC SSL certificates increase in popularity because they enable a single certificate to work on multiple different domains or subdomains using SSL Host Headers.

What about when you set up a new server or switch hosting companies? How do you move the current SSL certificate to the new server? What if you need to move it to a different type of server? The answers to all of those questions are contained in the following pages. Essentially, you will export SSL certificates from the server that they are currently installed on, move SSL certificates to the new server, and then import SSL certificates on the new server.

Keep in mind that many certificate authorities, require that you purchase a "server license" for each server that you install an SSL certificate to, even if it uses the same private key. And speaking of private keys, it is slightly less secure to copy the SSL certificate and use the same private key on a different server. If an attacker breaks into one server and gets the private key, he will be able to listen in on the connections that other servers are making.

We will assume that you have already successfully installed the SSL certificate on one web server. You will follow these steps to move or copy that working certificate to a new server:

  1. Export the SSL certificate from the server with the private key and any intermediate certificates.
  2. Convert the certificate to a different format if you are putting it on a different type of server.
  3. Import the SSL certificates and private key on the new server and configure your sites to use them.

Now on to the instructions. What would you like to do?


Originally posted on Sun Nov 9, 2008