5

We are developing a site for a client who already has an SSL certificate and already has a website and domain name that uses it. We will be hosting the new site on our server running Apache that has other sites on it with the same IP. The domain name for the website will have its A record changed to our server. The existing certificate was granted by Comodo. Another possibly important fact is the company where their existing site is hosted will not get back to us in regards to the certificate. I have asked for them to give me an "exported copy of the SSL certificate and private key" but have been ignored.

Having asked Comodo and the company who hosts our other sites for help I am really confused! I've never really dealt with SSLs before.

So my questions are:

  1. Is the only way of transfering this certificate to get it exported by the current hosting provider?
  2. If they don't respond, what are my next steps?
  3. Can a domain name have two certificates (if we buy a new one)?

I apologise if I am using incorrect terminology but thanks in advance!

beingalex
  • 335
  • 3
  • 7
  • 13

1 Answers1

3
  1. Yes, you need a copy of the private key and the certificate.
  2. Buy a new certificate.
  3. The direct answer is yes, but only one of them will be active depending on which server the A-record points to.

Depending on your budget, it is probably cheaper to just buy a new certificate than to use hours to get the existing key+certificate from your current hosting provider.

pkhamre
  • 6,120
  • 3
  • 17
  • 27
  • 2
    If I were beingalex, I'd really really want to revoke the old certificate. As long as it's out there and not under your control, your old hostingcompany (or somebody working there) could use it e.g. for a MITM attack or to otherwise harm your company. – Jenny D Aug 21 '12 at 14:32
  • As we are not in a total rush, I am going to wait and see if I can get it exported (if that's the right word). Thanks. – beingalex Aug 21 '12 at 14:42
  • If we go down the getting it exported route: The other company has control of domain name and A record, what happens if they (after changing it to ours) change the A record back and forge the site? Is there not still a copy of the certificate on their server? – beingalex Aug 21 '12 at 14:45
  • 1
    Yes, they could do that. That's why you need to revoke the old cert. – ceejayoz Aug 21 '12 at 15:08