Godaddy ssl needs 2048 bits
- Thread starter aitorla
- Start date
nobaloney
NoBaloney Internet Svcs - In Memoriam †
This has been discussed previously. To delete the 1024-bit private key you must first use DirectAdmin to create a self-signed certificate, choosing a 2048-bit private key. This will replace the internal 1024-bit private key. Then go through the Certificate page again, this time selecting a CSR. This will use the 2048-bit private key to build the new CSR.
Jeff
Jeff
R1Lover
Verified User
- Joined
- Feb 24, 2007
- Messages
- 446
Jeff, this isn't working and it's still creating a new 1024 key.....
DO we need to delete the old key manually? Is this new key created created with direct admin or the command line? Because I can't see a way to specify a 2048 key under direct admin.... only manually.
R1Lover
Verified User
- Joined
- Feb 24, 2007
- Messages
- 446
I'm a little confused here... I have created a 2048 key for the server, for direct admin... they are both using 2048 self signed key's.
I then go to one domain to make a CSR through Directadmin and it pulls a 1024 key again and replaces the 2048 I made through ssh.
How do I resolve this please?
I then go to one domain to make a CSR through Directadmin and it pulls a 1024 key again and replaces the 2048 I made through ssh.
How do I resolve this please?
floyd
Verified User
- Joined
- Mar 29, 2005
- Messages
- 6,251
That is what happens when you use a skin not maintained by DirectAdmin.
hardikdwivedi
New member
- Joined
- Apr 8, 2010
- Messages
- 1
Does any one found solution for this issue??? Need solution urgently!!!!
nobaloney
NoBaloney Internet Svcs - In Memoriam †
1) You must use a skin that supports either 1024 or 2048 bits.
2) You must create a new 2048-bit key. Creating a CSR always uses the old key. To create a new key you must first use DirectAdmin to create a self-signed Certificate, making sure to set for 2048 bits.
Once that's done you should create the CSR, making sure again to set for 2048 bits.
A bit cumbersome, but we do it almost every day.
It works.
Jeff
2) You must create a new 2048-bit key. Creating a CSR always uses the old key. To create a new key you must first use DirectAdmin to create a self-signed Certificate, making sure to set for 2048 bits.
Once that's done you should create the CSR, making sure again to set for 2048 bits.
A bit cumbersome, but we do it almost every day.
It works.
Jeff
- Joined
- Feb 27, 2003
- Messages
- 9,158
Hello,
FYI, I've addressed this issue for the next release of DA:
http://www.directadmin.com/features.php?id=1074
Keep in mind that once DA notices the bit differences, it will backup your old key and replace it with the new one, which will mean your new key and old cert won't be a valid pair, so DA will set your website to use the shared server certificate until you paste in your new cert. More info in the above link.
John
FYI, I've addressed this issue for the next release of DA:
http://www.directadmin.com/features.php?id=1074
Keep in mind that once DA notices the bit differences, it will backup your old key and replace it with the new one, which will mean your new key and old cert won't be a valid pair, so DA will set your website to use the shared server certificate until you paste in your new cert. More info in the above link.
John
nobaloney
NoBaloney Internet Svcs - In Memoriam †
Thanks, John. A careful read of your new feature post indicates that anyone who wants to, and keeps a copy of the old Certificate, can still reinstall the old key and Certificate.
To me this is acceptable.
For everyone:
If you do that, be sure to save the new key; you'll have to install it again.
Note also that if you don't reinstall the old key and Certificate before you order your new Certificate, you'll probably break your Certificate Vendor's automatic extra-month(s) issue on renewal or competitive Certificate orders.
We do it this way:
We save the old key and cert.
We create the new CSR and key.
We save both.
We restore the old key and cert.
We issue the new Certificate.
When we install the new Certificate we also install the new key again at the same time.
This will keep the extra month(s) issue working.
Is this all too complicated for you? Are you afraid you'll lose the new key and need to get your Certificate reissued? Do you have problems with those pesky CA Root Certificates?
Our special offering for DirectAdmin Certificates including installation may be found here.
Jeff
To me this is acceptable.
For everyone:
If you do that, be sure to save the new key; you'll have to install it again.
Note also that if you don't reinstall the old key and Certificate before you order your new Certificate, you'll probably break your Certificate Vendor's automatic extra-month(s) issue on renewal or competitive Certificate orders.
We do it this way:
We save the old key and cert.
We create the new CSR and key.
We save both.
We restore the old key and cert.
We issue the new Certificate.
When we install the new Certificate we also install the new key again at the same time.
This will keep the extra month(s) issue working.
Is this all too complicated for you? Are you afraid you'll lose the new key and need to get your Certificate reissued? Do you have problems with those pesky CA Root Certificates?
Our special offering for DirectAdmin Certificates including installation may be found here.
Jeff