
Re: [cobalt-users] Moving SSL to Raq3



On Thu, 4 Oct 2001, BT wrote:

> 
> ----- Original Message -----
> From: "Jay Fesco" <jay@xxxxxxxxxxxx>
> To: <cobalt-users@xxxxxxxxxxxxxxx>
> Sent: Wednesday, October 03, 2001 2:06 PM
> Subject: RE: [cobalt-users] Moving SSL to Raq3
> 
> 
> > > Has anyone successfully moved a current certificate from one server to a
> > > Raq3 if possible and gotten it to work. If you did what was the
> > > process you
> > > used.
> > > We have a client that is coming on from a competitor as well as we may be
> > > getting 4 other e-commerce clients from the same company. We are getting
> > > desperate. I don't want to call cobalt yet:(
> >
> > Our experience is that you have to purchase new certs when you move to a new
> > machine.  The cert is keyed specifically to the machine it's generated for
> > and won't work anywhere else.  Wish I had better news for you (and perhaps

no

> > I'm wrong, but unfortunately I don't think so).
> 
> missed the first part of this thread, but speaking from personal experience
> of Thawte certs they are machine specific, in much the same way as the MS

not always

> windows XP activation code, and so cannot be transferred from box to box....
> 
> whoever issued the cert could issue a new / replacement one in a few hours
> though.

for the cost of a new cert ;)

The real problem here is, you need the private key used to generate the
certificate signing request data that was sent to the CA to get the
certificate; the resulting public key (the 'cert') is the public key that
matches the private key on the server.

When you move a key to a new server, you need BOTH parts. Chances are tho,
their old ISP won't give you that, and the customer doesn't have it
either, because they never had it; at best they got the CSR.

If you do get it, you still need it to match the server type, and the
server has to support the encryption type used to encode the keys unless
they are stripped (e.g. no password is encoded in the private key).

If you can do all that, you can make it work, but you will have to sneak
by the RaQ's interface to stick the private key in. Normally you create
that on the server; in this case you need to use one that already
exists...

PS: One other gotcha: the CAs require a contact person with the cert that
is often set to someone@isp. If you are moving the domain, this changes,
and technically, you are required to get a new certificate to reflect
this... (It has no functional significance however, just legal ;)

gsh
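
The reply above says a certificate is only usable together with the private key it was requested with, and that the key must be stripped or readable by the server. The script below is an added example, not part of the original thread: it checks both points with the `openssl` command line, which it assumes is installed. The file names, the passphrase and the self-signed certificate are constructed throwaway material.

```shell
#!/bin/sh
# Added example: decide whether a private key file and a certificate belong
# together, and whether the key is still passphrase-protected.
# All file names and the passphrase below are constructed for the demo.

# pair_status KEY CERT [PASSPHRASE] -> prints one of:
#   match | mismatch | key-encrypted | key-unreadable | cert-unreadable
pair_status() {
    key=$1 cert=$2 pass=${3-}
    # Traditional and PKCS#8 PEM headers of an encrypted key both contain "ENCRYPTED".
    if grep -q ENCRYPTED "$key" && [ -z "$pass" ]; then
        echo key-encrypted; return 0
    fi
    # Public half derived from the private key (fails on a wrong passphrase).
    kpub=$(openssl pkey -in "$key" -passin "pass:$pass" -pubout 2>/dev/null </dev/null) \
        || { echo key-unreadable; return 0; }
    # Public key embedded in the certificate.
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo cert-unreadable; return 0; }
    if [ "$kpub" = "$cpub" ]; then echo match; else echo mismatch; fi
}

# make_demo -> prints a temp directory holding throwaway test material.
make_demo() {
    d=$(mktemp -d)
    {
        # Key plus self-signed certificate standing in for the CA-issued one.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=www.example.test" \
            -keyout "$d/site.key" -out "$d/site.crt"
        # An unrelated key, e.g. one freshly generated on the new server.
        openssl genrsa -out "$d/other.key" 2048
        # The same site key, but passphrase-protected (not "stripped").
        openssl rsa -in "$d/site.key" -aes256 -passout pass:demo-pass -out "$d/site.enc.key"
    } >/dev/null 2>&1
    echo "$d"
}

d=$(make_demo)
echo "original key   vs cert: $(pair_status "$d/site.key" "$d/site.crt")"
echo "new-server key vs cert: $(pair_status "$d/other.key" "$d/site.crt")"
echo "encrypted key, no pass: $(pair_status "$d/site.enc.key" "$d/site.crt")"
echo "encrypted key, w/ pass: $(pair_status "$d/site.enc.key" "$d/site.crt" demo-pass)"
rm -rf "$d"
```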