New private key needed for generating SSL cert

paulus

My SSL provider informed me that my SSL certificate was weak due to the Debian bug. I tried to make a new CSR, but it's still weak.
My host now informed me that I need to make a new private key before I generate the CSR.
I found something in the help already, but when I do that it's still weak. Does anybody know what private key is used for a normal user (so not a reseller or admin) to generate the CSR, and how I can regenerate that?

Thanks.
 
You should delete the current private key and then when you create a CSR a new one will be created.

But you have to update Debian first.

If it's not your server get in touch with your provider.

To find the old private key look in the user-level httpd.conf file. You can find where that is by looking in the bottom of the includes in /etc/httpd/conf/httpd.conf.

The above has to be done by someone with root login; so again, if it's not your server, contact your provider.

Jeff
 
Ah okay. I am going to try that tomorrow. I had updated Debian already some time ago, but got informed this week about my SSL cert (a bit late from my host...).

Thanks :D
 
You don't have to fix the private key. When you create a new CSR, a new key will be created.

Tell your host to update their openssl and openssl libraries!
 
You don't have to fix the private key. When you create a new CSR, a new key will be created.

Tell your host to update their openssl and openssl libraries!

That will not work if it's your own server :) The libraries also were already updated, so that didn't work.
I have removed the private key, and regenerated the SSH, and this CSR was accepted by my SSL provider.

Thanks :).
 
You don't have to fix the private key. When you create a new CSR, a new key will be created.
Not true with DirectAdmin; DirectAdmin uses the old private key so the old Certificate will work (during a renewal process) until the new Certificate is installed.

Jeff
 
Not true with DirectAdmin; DirectAdmin uses the old private key so the old Certificate will work (during a renewal process) until the new Certificate is installed.

Jeff

Indeed, I tried it already without changing the private key, else I would not have asked here :P
 
Not true with DirectAdmin; DirectAdmin uses the old private key so the old Certificate will work (during a renewal process) until the new Certificate is installed.

Jeff

I believe this behaviour might have changed now? I've just generated a new CSR, and DA says:
Your old 2048-bit key has been backed up to /home/***/backup-***-2048-bit.key
Newly installed key is 4096-bit
This domain will now temporarily use the Shared Server Certificate, unless you restore the backup key (but backup the new key first or it will become lost)

Which suggests a new key has been generated. Or is this just because I've changed the size of the private key?
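
Whether a CSR was built from the old private key or from a fresh one, which is the point the thread goes back and forth on, can be checked by comparing the public key inside the CSR with the public key derived from each private key file. The script below is an added example, not from any poster and not DirectAdmin's own tooling; the file names and the CN `example.test` are constructed for the demo, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: find out which private key a CSR was generated from.

# Print the PEM public key that belongs to a private key file.
key_pub() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Print the PEM public key embedded in a CSR.
csr_pub() { openssl req -in "$1" -noout -pubkey 2>/dev/null; }

# Exit 0 only if the CSR ($2) carries the public key of the private key ($1).
# Exit 2 if either file is missing or unreadable, so a failed read never
# counts as a match.
csr_uses_key() {
    k=$(key_pub "$1") || return 2
    c=$(csr_pub "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Build constructed sample files in directory $1: an "old" key, a "new" key,
# one CSR that reuses the old key and one CSR made from the new key.
make_demo_files() {
    openssl genrsa -out "$1/old.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/new.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/old.key" -subj "/CN=example.test" \
        -out "$1/reused.csr" 2>/dev/null &&
    openssl req -new -key "$1/new.key" -subj "/CN=example.test" \
        -out "$1/fresh.csr" 2>/dev/null
}

d=$(mktemp -d)
make_demo_files "$d"
for csr in reused.csr fresh.csr; do
    if csr_uses_key "$d/old.key" "$d/$csr"; then
        echo "$csr: built from old.key, so a weak old key stays in use"
    else
        echo "$csr: not built from old.key"
    fi
done
rm -rf "$d"
```

On a real server, point `csr_uses_key` at the backed-up key and the newly generated CSR: a match means the CSR still carries the old key and a certificate issued from it inherits that key's weakness.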
 