Rekeying your SSL Certificate
Article Number: 881 | Rating: Unrated | Last Updated: Fri, Sep 16, 2016 at 2:17 PM
How to rekey your SSL certificate
This article show show to rekey SSL certificates with either SSH or, for Nexcess clients, by using SiteWorx.
Regenerating the key from a terminal console
Attention: All certificates must have at least a 2048-bit key size.
- Log in to your server instance using the SSH credentials provided to you in the Nexcess Welcome Email.
- Type the following command at the prompt: openssl req -nodes -newkey rsa:2048 -keyout <newkeyfile.priv.key> -out <newcsrfile.csr>
- This command will generate a 2048 bit RSA private key titled newkeyfile.priv.key and a CSR titled newcsrfile.csr.
- The following fields must be populated before the certificates are ready, and the private key is regenerated.
When prompted for a pass phrase: Do not enter a passphrase for your SSL
. We do not require it on our servers.
- Country Name: Use the two-letter code without punctuation for country, for example: US or CA.
- State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: Michigan.
- Locality or City: The Locality field is the city or town name, for example: Berkley. Do not abbreviate. For example: Saint Louis, not St. Louis.
- Company: If the company or department has an &, @, or any other symbol using the shift key in its name, the symbol must be spelled out or omitted, in order to enroll. For example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
- Organizational Unit: This field is optional; but can be used to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request. To skip the OU field, click Enter on the keyboard.
- Common Name: The Common Name is the Host + Domain Name. For example, company.com.
A new private key and CSR have been created. Copy and paste the contents of these two documents, newkeyfile.priv.key and newcsrfile.csr into Notepad or a similar text editor. Attention: Microsoft Word or Apple Pages may insert extra characters, which can alter the contents of the private key and CSR.
If you purchased your certificate through Nexcess, send these two files to email@example.com, and the Support team will assist in having the SSL rekeyed.
If you purchased your SSL certificate through a third party provider, send these two files to the certificate provider, and they will assist in having the SSL rekeyed.
Regenerating the key from the Siteworx control panel
Attention: This method will create some site disruptions in service, until the new SSL certificate is generated and installed.
Stage 1: Save your SSL records
- Log in to your SiteWorx instance.
- From the left-side menu, click Hosting Features > Domains > SSL.
- Copy all three documents, Private Key, CSR Chain, and SSL separately, and paste them into a document for use later.
- Delete the Private Key, then the CSR and SSL Certificate will be removed.
Stage 2: Regeneratie your SSL credentials
- Click Setup Private Key.
- Click Generate, and a Private Key will be created for you.
Attention: Key Length: only the 2048-bit is accepted.
Stage 3: Generate a CSR
In the Manage CSR
dialog box, type your company name and location, which should match the information from your previous certificate. Attention:
Use caution when specifying a name in the Common Name
field. Be aware that www.example.com
does not equal example.com.
will display as invalid if the common name does not exactly match your real URL
. For assistance, contact our Support Team
- Click Generate.
- If you purchased your certificate through Nexcess, send these two files to firstname.lastname@example.org so we can assist. If you purchased your SSL certificate through a third-party provider, send these two files to the certificate provider instead.
Stage 4: Install the old SSL certificate
- In order to keep your site secure while the SSL Certificate is regenerating, install the old SSL Certificate so your site will function properly.
- Copy the contents of your previously generated private key, chain and CSR, and keep for later use.
- Delete the existing contents and replace them with the previously installed Private Key, CSR, and SSL certificate.
For inquiries or assistance with SSL certificates, contact our Sales Team between 9 a.m. and 5 p.m. eastern time (ET), Monday - Friday.
There are no attachments for this article.
What is SNI?
Added on Tue, Jan 10, 2017
What is a CSR?
Added on Mon, Sep 8, 2014