cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution

How do I generate a private key for a wildcard SSL cert already in use on >2 servers?

I have a wildcard SSL certificate which I successfully installed on 2 IIS servers about a year ago.

I now have an Ubuntu Apache server that I also want to install the certifcate on.

I have downloaded the cert files for Apache, which gives me a crt and a pem file (which look identical) and a crt bundle.

I follow the installation instructions at https://uk.godaddy.com/help/manually-install-an-ssl-certificate-on-my-apache-server-ubuntu-32078 which tell me how to install the two crt files but does not tell me how to generate the private key on this system.


If i try to generate a new CSR to produce a key file, apache fails with
AH00016: Configuration Failed
AH02565: Certificate and private key ~.com:443:0 from /etc/ssl/~.crt and /etc/ssl/private/~.key do not match

so.. how do I create the private key and what is the pem file for?

2 ACCEPTED SOLUTIONS
Employee

Hello @Mike_from_K and thank you for being a part of the Community!

 

I apologize for the delayed response. Were you able to get this issue resolved and do you mind sharing how?

 

If you were not able to get this issue fixed, I want to help assist you as best as I can. I am not a security services expert but based off the error message you received, the private key and certificate key are mismatched. The private key is generated when you create the CSR for your SSL. Here is a link on how to generate a CSR for your Apache server. After completing this, you can then rekey your SSL and follow the guide you have on manually installing your SSL on your Apache server.

 

Again I apologize for the delayed response and hope the guides provided will be able to further assist you with troubleshooting this issue.

GoDaddy Support is available 24/7!

View solution in original post

Hello SG4101

That is not a solution, as generating a new CSR would invalidate the certifcates already installed on the two IIS servers.

 

The only way that I have found to resolve this situation is to export the certificate from the Windows MMC console on my original IIS server, then use openssl on the apache server to generate the crt,key and bundle files, followed by a restart of apache.

 

 

View solution in original post

2 REPLIES 2
Employee

Hello @Mike_from_K and thank you for being a part of the Community!

 

I apologize for the delayed response. Were you able to get this issue resolved and do you mind sharing how?

 

If you were not able to get this issue fixed, I want to help assist you as best as I can. I am not a security services expert but based off the error message you received, the private key and certificate key are mismatched. The private key is generated when you create the CSR for your SSL. Here is a link on how to generate a CSR for your Apache server. After completing this, you can then rekey your SSL and follow the guide you have on manually installing your SSL on your Apache server.

 

Again I apologize for the delayed response and hope the guides provided will be able to further assist you with troubleshooting this issue.

GoDaddy Support is available 24/7!

View solution in original post

Hello SG4101

That is not a solution, as generating a new CSR would invalidate the certifcates already installed on the two IIS servers.

 

The only way that I have found to resolve this situation is to export the certificate from the Windows MMC console on my original IIS server, then use openssl on the apache server to generate the crt,key and bundle files, followed by a restart of apache.

 

 

View solution in original post