My RapidSSL Certificate is about to expire and I need to renew it. From what I understand, I can use the existing signature (less secure) or generate a new request. In either case, once I install the new key, is there any chance that browsers will display a warning or error message to users saying that the SSL cert has changed?
Also, I have some automated programs that SFTP information to my server every morning. Will they get a message that the server's signature has changed and need to manually accept it?
Thanks
-
The only warnings users might get are if your new cert has a begin date before you start using it or if they have set a security exception for that particular cert (possible if they don't trust the RapidSSL root cert). Otherwise I'd just get a new cert using the old private key, install it, and call it a day.
I haven't dealt with RapidSSL before, but every other cert vendor I have dealt with sets the begin date to the moment the cert is issued. The end date is either X years after the begin date, or X years after the old expiry date if you're renewing.
Joshua : Just to confirm, since I am not changing the SSL issuer (same company), if it worked before without problems, it will work now without problems? (assuming I install immediately when I get it.)
grawity : @Joshua: It does not matter what changes and what doesn't. The only thing that does matter is the validity/expiration dates.
Chris S : Correct, if it worked before, popping in a renewed cert will seamlessly extend the expiry.
From Chris S
-
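The two things the answer above relies on (the renewed certificate belongs to the existing private key, and the current time falls inside its validity window) can be checked before installing. This is an added example, not part of the original thread; it assumes the openssl CLI and GNU date, and the file names and self-signed sample certificates are constructed for illustration.

```shell
# Added example: pre-install checks for a renewed certificate.
# Assumes the openssl CLI and GNU date; all file names are hypothetical.

# SHA-256 of the public key inside a certificate / derived from a private key.
cert_pubkey_hash() {
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}
key_pubkey_hash() {
  openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# True when the certificate was issued for this private key.
cert_matches_key() {
  [ "$(cert_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ]
}

# True when the current time is inside [notBefore, notAfter].
cert_in_validity_window() {
  local start end now
  start=$(date -d "$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2)" +%s)
  end=$(date -d "$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)" +%s)
  now=$(date +%s)
  [ "$start" -le "$now" ] && [ "$now" -le "$end" ]
}

# Constructed sample data: throwaway self-signed certs stand in for CA-issued ones.
make_samples() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/server.key" \
    -out "$d/old.crt" -days 1 -subj "/CN=www.example.test" 2>/dev/null
  # "Renewal" that reuses the existing private key.
  openssl req -x509 -key "$d/server.key" -out "$d/renewed.crt" \
    -days 365 -subj "/CN=www.example.test" 2>/dev/null
  # Certificate issued for a different key (what a fresh request with a new key produces).
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/new.key" \
    -out "$d/rekeyed.crt" -days 365 -subj "/CN=www.example.test" 2>/dev/null
}

tmp=$(mktemp -d)
make_samples "$tmp"
cert_matches_key "$tmp/renewed.crt" "$tmp/server.key" && echo "renewed.crt matches server.key"
cert_matches_key "$tmp/rekeyed.crt" "$tmp/server.key" || echo "rekeyed.crt must be installed with new.key"
cert_in_validity_window "$tmp/renewed.crt" && echo "renewed.crt is valid now"
```

A certificate that fails `cert_matches_key` against the installed key will not load in the web server until the matching key is installed alongside it.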
1) The browsers won't balk at the new certificate as long as it's signed by a trusted authority, so if you buy it from one of the regular channels, or sign it using an in-house CA that your browsers trust, then you're fine.
2) SFTP deals with the certificates that are part of the SSL/SSH subsystem, not the Apache certificates, so it will be unaffected.
grawity : SSH and SFTP are not related to SSL "subsystem" at all.
Matt Simmons : So you're suggesting that OpenSSH doesn't rely on OpenSSL?
From Matt Simmons