Alex Kennberg

Reputation: 870

Best practice to switch apache2 SSL to the next year's certificate

What is the best practice to make a switch from last year's SSL certificate to the next year's? Is it possible to declare both certificates in the enabled site config for the same site/ip?

If I have to make the switch manually the minute before the cert expires, then are there any scripts or tips to make it automatic in Linux (Ubuntu)?

I have a standard setup with a VirtualHost that declares the current certs:

  SSLEngine on
  SSLCertificateFile    ...crt.2012
  SSLCertificateKeyFile ...key.2012

Upvotes: 2

Views: 161

Answers (1)

Remi Gacogne

Reputation: 4853

You generally want your new certificate to have a validity period beginning some time before the end of validity of the old one. That way, you have the time to change the SSLCertificateFile (and SSLCertificateKeyFile if needed), do a graceful reload and test. If something does not work fine, you can do a rollback (as the old certificate is still valid) and maybe have a new certificate issued if need be.

Upvotes: 2
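
The change, reload, test and rollback sequence from the answer above can be scripted. The following is an added example, not code from the question or the answer. It assumes the vhost's `SSLCertificateFile` and `SSLCertificateKeyFile` point at two symlinks (the `/etc/apache2/ssl/live.*` paths are hypothetical), and the function names `preflight` and `rotate` are illustrative.

```bash
#!/usr/bin/env bash
# Added example. Assumes the vhost's SSLCertificateFile / SSLCertificateKeyFile
# point at two symlinks (e.g. hypothetical /etc/apache2/ssl/live.crt, live.key).
APACHECTL="${APACHECTL:-apache2ctl}"   # overridable for dry runs

# preflight CRT KEY [MIN_DAYS]: refuse a certificate that does not pair with
# the key, is not valid yet, or has fewer than MIN_DAYS of validity left.
preflight() {
  local crt="$1" key="$2" days="${3:-30}" cert_pub key_pub start
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ] || { echo "certificate/key mismatch" >&2; return 1; }
  start=$(openssl x509 -in "$crt" -noout -startdate | cut -d= -f2)
  [ "$(date -d "$start" +%s)" -le "$(date +%s)" ] ||
    { echo "certificate is not valid yet" >&2; return 1; }
  openssl x509 -in "$crt" -noout -checkend "$((days * 86400))" >/dev/null ||
    { echo "certificate expires within $days days" >&2; return 1; }
}

# rotate NEW_CRT NEW_KEY LIVE_CRT LIVE_KEY: repoint the symlinks, then run
# configtest and a graceful reload; restore the previous targets on failure.
rotate() {
  local new_crt="$1" new_key="$2" live_crt="$3" live_key="$4" old_crt old_key
  old_crt=$(readlink "$live_crt") || return 2
  old_key=$(readlink "$live_key") || return 2
  if ln -sfn "$new_crt" "$live_crt" && ln -sfn "$new_key" "$live_key" &&
     "$APACHECTL" configtest && "$APACHECTL" graceful; then
    return 0
  fi
  echo "reload failed, rolling back to $old_crt" >&2
  ln -sfn "$old_crt" "$live_crt"
  ln -sfn "$old_key" "$live_key"
  "$APACHECTL" graceful
  return 1
}

# Typical run, as root, while the old certificate is still valid:
#   preflight new.crt new.key && rotate "$PWD/new.crt" "$PWD/new.key" \
#     /etc/apache2/ssl/live.crt /etc/apache2/ssl/live.key
```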
