Contact
Site: US UK AU |

How to rekey your SSL certificate

How to recreate keys for SSL certificates

Overview
This article show how Classic (non-Cloud) Nexcess clients can re-create SSL keys by either using SiteWorx or the command line interface (CLI), provided they have SSH access. 

Using SiteWorx 

Attention: This method will create some site disruptions in service, until the new SSL certificate is generated and installed.  

Stage 1: Save your SSL records

  1. Log in to your SiteWorx account.

    • If you do not know your password, click Forgot Your Password? on the login page.
    • If you do not know the web address for your SiteWorx login page, either refer to your Welcome Email or contact our 24-hour Support Team for assistance. 

  2. From the main menu, select Hosting Features > Domains > SSL.


  3. Copy all three documents, Private Key, CSR Chain, and SSL separately, and paste them into a document for use later.  
  4. Delete the Private Key, then the CSR and SSL Certificate will be removed.  

Stage 2: Regenerate your SSL credentials 

  1. Click Setup Private Key.
    SiteWorx SSL Certificates Page: Set Up Private Key

  2. Click Generate, and a Private Key will be created for you. 

    Attention: Key Length: only the 2048-bit is accepted.

    SiteWorx SSL Certificates Page: Paste or Generate a Private Key

Stage 3: Generate a CSR

  1. In the Manage CSR dialog box, type your company name and location, which should match the information from your previous certificate. 
    Attention: Use caution when specifying a name in the Common Name field. Be aware that www.example.com does not equal example.com. The SSL will display as invalid if the common name does not exactly match your real URL. For assistance, contact our Support Team
    SiteWorx SSL Certificates Page:  Generate or Install a CSR

  2. Click Generate.
  3. If you purchased your certificate through Nexcess, send these two files to support@nexcess.net so we can assist. If you purchased your SSL certificate through a third-party provider, send these two files to the certificate provider instead.  

Stage 4: Install the old SSL certificate

  1. In order to keep your site secure while the SSL Certificate is regenerating, install the old SSL Certificate so your site will function properly.
  2. Copy the contents of your previously generated private key, chain and CSR, and keep for later use.
  3. Delete the existing contents and replace them with the previously installed Private Key, CSR, and SSL certificate. 

Using SSH 

Attention: All certificates must have at least a 2048-bit key size.

  1. Log in to your server instance using the SSH credentials provided to you in the Nexcess Welcome Email.  
  2. Issue: 

    openssl req -nodes -newkey rsa:2048 -keyout <newkeyfile.priv.key> -out <newcsrfile.csr>

  3. This command will generate a 2048 bit RSA private key titled newkeyfile.priv.key and a CSR titled newcsrfile.csr.
  4. The following fields must be populated before the certificates are ready, and the private key is regenerated.   

    Attention: When prompted for a pass phrase: Do not enter a passphrase for your SSL. We do not require it on our servers. 

    • Country Name: Use the two-letter code without punctuation for country, for example: US or CA.
    • State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: Michigan. 
    • Locality or City: The Locality field is the city or town name, for example: Berkley. Do not abbreviate. For example: Saint Louis, not St. Louis. 
    • Company: If the company or department has an &, @, or any other symbol using the shift key in its name, the symbol must be spelled out or omitted, in order to enroll. For example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation. 
    • Organizational Unit: This field is optional; but can be used to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request. To skip the OU field, click Enter on the keyboard. 
    • Common Name: The Common Name is the Host Domain Name. For example, company.com. 
  5. A new private key and CSR have been created. Copy and paste the contents of these two documents, newkeyfile.priv.key and newcsrfile.csr into Notepad or a similar text editor.  Attention: Microsoft Word or Apple Pages may insert extra characters, which can alter the contents of the private key and CSR.
  6. If you purchased your certificate through Nexcess, send these two files to support@nexcess.net, and the Support team will assist with rekeying your SSL. If you purchased your SSL certificate through a third party provider, send these two files to the certificate provider, and they will assist in having the SSL rekeyed.  

 

For inquiries or assistance with SSL certificates, contact our Sales Team between 9 a.m. and 5 p.m. eastern time (ET), Monday - Friday.

Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
 
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
How to create MySQL databases and users with SiteWorx
Added on Wed, Sep 11, 2013
How to create MySQL database user accounts in SiteWorx
Added on Mon, Aug 5, 2013
How to add FTP accounts with SiteWorx
Added on Mon, Jun 11, 2018
How to delete a MySQL database with SiteWorx
Added on Tue, Jul 30, 2013
How to purchase SSL certificates from your Client Portal
Added on Thu, Sep 13, 2018
How to renew your SSL certificate
Added on Mon, Feb 23, 2015
How to restore partial backups with SiteWorx
Added on Tue, Aug 6, 2013
How to add secondary domains with SiteWorx
Added on Fri, Jun 1, 2018
What is phpMyAdmin?
Added on Fri, Sep 5, 2014
How to download backup files with SiteWorx
Added on Tue, Aug 6, 2013