Moving or Copying SSL Certificate Between Apache Servers

Moving or copying an SSL certificate between two Apache servers involves several steps, which include exporting the certificate and private key from the source server and uploading them to the target server. Below is a step-by-step guide to help you through this process.

Prerequisites:

- Access to both the source and target Apache servers.

- SSL certificate (certificate file) and private key from the source server.

- Root or administrative privileges on both servers.

- SSH or terminal access to the servers.

- Knowledge of where SSL certificates and configuration files are stored on both servers.

Step-by-Step Guide: Moving or Copying SSL Certificates Between Apache Servers

Step 1: Export SSL Certificate and Private Key from the Source Server

1. Locate the SSL Certificate and Private Key:

On the source server, the SSL certificate is typically stored in /etc/ssl/certs/ or /etc/apache2/ssl/, and the private key is usually found in /etc/ssl/private/ or /etc/apache2/ssl/.

Example paths:

SSL Certificate: /etc/ssl/certs/yourdomain.crt

Private Key: /etc/ssl/private/yourdomain.key

2. Copy the SSL Certificate and Private Key:

Use SCP (secure copy) or any other method to securely transfer the certificate and key files to your local machine or directly to the target server.

Example using SCP to transfer to local machine:
bash
Copy code
scp /etc/ssl/certs/yourdomain.crt username@localmachine:/path/to/store/

scp /etc/ssl/private/yourdomain.key username@localmachine:/path/to/store/

If transferring directly to the target server:
bash
Copy code
scp /etc/ssl/certs/yourdomain.crt username@targetserver:/path/to/store/

scp /etc/ssl/private/yourdomain.key username@targetserver:/path/to/store/

Ensure Permissions Are Correct:

Ensure that the certificate and key files have appropriate permissions and are owned by the root user (or the user that Apache runs as, typically www-data on Debian-based systems or apache on RHEL-based systems).

Example to set correct permissions:
bash
Copy code
sudo chmod 600 /etc/ssl/private/yourdomain.key

sudo chown root:root /etc/ssl/private/yourdomain.key

Step 2: Copy SSL Certificate and Private Key to the Target Server

Transfer SSL Files:

If you’ve saved the certificate and private key on your local machine, use SCP to transfer them to the target Apache server.

Example:
bash
Copy code
scp /path/to/store/yourdomain.crt username@targetserver:/etc/ssl/certs/

scp /path/to/store/yourdomain.key username@targetserver:/etc/ssl/private/

Ensure Correct Permissions on the Target Server:

Ensure the files are owned by root and that the permissions are set to 600 (only the root user can read and write).

Set permissions:
bash
Copy code
sudo chmod 600 /etc/ssl/private/yourdomain.key

sudo chown root:root /etc/ssl/private/yourdomain.key

Step 3: Configure Apache to Use the SSL Certificate on the Target Server

1. Open the Apache SSL Configuration File:

On the target server, Apache’s SSL configuration file is usually located at /etc/apache2/sites-available/default-ssl.conf (for Debian-based systems) or /etc/httpd/conf.d/ssl.conf (for RHEL-based systems).

Edit the file using a text editor, such as nano:
bash
Copy code
sudo nano /etc/apache2/sites-available/default-ssl.conf

or
bash
Copy code
sudo nano /etc/httpd/conf.d/ssl.conf

2. Update SSL Directives:

Modify or add the following lines to point to the new certificate and key files:
apache
Copy code
SSLCertificateFile /etc/ssl/certs/yourdomain.crt

SSLCertificateKeyFile /etc/ssl/private/yourdomain.key

SSLCertificateChainFile /etc/ssl/certs/yourdomain-ca.crt   # (Optional, if using intermediate certificates)

Save and Close the Configuration File:

Save your changes by pressing Ctrl + O (in nano), then press Enter, and finally, Ctrl + X to exit.

Step 4: Restart Apache to Apply the Changes

1. Restart Apache:

After configuring the SSL certificate, restart Apache to apply the changes.

On Debian-based systems (Ubuntu, etc.), run:
bash
Copy code
sudo systemctl restart apache2

On RHEL-based systems (CentOS, etc.), run:
bash
Copy code
sudo systemctl restart httpd

2. Check Apache Status:

Ensure that Apache restarted successfully and the new certificate is loaded correctly by checking the status:
bash
Copy code
sudo systemctl status apache2

or
bash
Copy code
sudo systemctl status httpd

Step 5: Verify SSL Certificate Installation

1. Test Using a Web Browser:

a. Open a web browser and navigate to your domain (e.g., https://yourdomain.com).

b. Check that the SSL certificate is installed correctly and there are no SSL warnings in the browser.

2. Use SSL Testing Tools:

You can also verify the installation using online tools such as:

SSL Labs SSL Test: https://www.ssllabs.com/ssltest/

SSL Checker: https://www.sslshopper.com/ssl-checker.html

Enter your domain name in one of these tools to confirm the SSL certificate is installed correctly.

Step 6: Optional: Remove the Certificate from the Source Server

1. Backup or Remove the Certificate:

If you are moving the certificate (rather than copying), you may want to remove the certificate and private key from the source server to avoid conflicts.

Optionally backup the files:
bash
Copy code
sudo mv /etc/ssl/certs/yourdomain.crt /path/to/backup/

sudo mv /etc/ssl/private/yourdomain.key /path/to/backup/

Or delete them if no longer needed:
bash
Copy code
sudo rm /etc/ssl/certs/yourdomain.crt

sudo rm /etc/ssl/private/yourdomain.key