Reputation: 870
Best practice to switch apache2 SSL to the next year's certificate
What is the best practice to make a switch from last year's SSL certificate to the next year's? Is it possible to declare both certificates in the enabled site config for the same site/ip?
If I have to make the switch manually the minute before cert expires, then are there any scripts or tips to make it automatic in Linux (ubuntu)?
I have a standard setup with VirtualHost that declares current certs
SSLEngine on
SSLCertificateFile ...crt.2012
SSLCertificateKeyFile ...key.2012
Upvotes: 2
Views: 161
Answers (1)
Reputation: 4853
You generally want your new certificate to have a validity period beginning some time before the end of validity of the old one. That way, you have the time to change the SSLCertificateFile (and SSLCertificateKeyFile if needed), do a graceful reload and test. If something does not work fine, you can do a rollback (as the old certificate is still valid) and maybe have a new certificate issued if need be.
Upvotes: 2
Related Questions
- Apache2 sometimes serving old SSL certificate
- Can we replace new server certificate from old server certificate?
- SSL renew certificate on apache keeps using old certtificate file
- Migrating from apache2 to vertx 3 when using ssl
- Renewing Apache SSL Certificate
- Migrate to new SSL Certificate in IIS
- How to force SSL renegotiation on apache for a test
- Disable SSL 2.0 but not SSL 2.0+ updated? Apache 2.x
- Will a new SSL certificate affect the existing one?
- https: Apache TLS renegotiation: Debian, Apache2, openssl. How to?