Confusion over the correct private key

Question

I inherited work on a website and I am trying ultimately to replace SHA-1 certificates with SHA-2 certificates.

The first step would be to generate a CSR from my server using the command

openssl req -new -sha256 -key myexistingprivate.key -out newcsr.csr

I need to find where the existing private key is. In the root folder there are .key files for the domain.com.key, www_domain_com.key and star_domain_com.key. (The site domain on the internet doesn't use www but www is the ServerAlias)

In the etc/apache2/sites-enabled/default-ssl are the lines

SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

In etc/ssl/private there is only ssl-cert-snakeoil.key

Why would the default-ssl reference the snake oil file and not the domain.com.key file? How would the domain.com certificate be called? (It's installed correctly)

I guess there are others then default ssl-site enabled. Have a look in all enabled site configurations in `/etc/apache2/sites-enabled/`. Or `grep SSLCertificate /etc/apache2/* -R`. — sebix, Jul 23 '15 at 14:28
I ran the grep but the only results are default.template and default-ssl — MW Millar, Jul 23 '15 at 14:33
Maybe you have overwritten the snakeoil certificate. Check it with `openssl x509 -in /path/to/cert.crt` -noout -text` — sebix, Jul 23 '15 at 15:41

score 0 · Accepted Answer · answered Jul 28 '15 at 09:44

After a lot of searching I found that I just had to update the cloud server's load balancer - in the settings on their intranet site I had to paste in the certificate, private key and intermediate certificate. Now chrome gives me the all clear. I assume that without the load balancer I would have to set up the conf files on the server myself.

There was no ssl configuration on the server files that I see via ssh, which confused me.

Confusion over the correct private key

1 Answers1