It often happens that one SSL certificate is used on multiple servers. This is quite a common practice for Wildcard or Multi-Domain certificates, or for large websites that use load balancing, which distributes the site load across multiple servers. Even a basic single-domain certificate can be used this way, in case it’s installed on multiple servers.
All SSL certificates that we offer are licensed for the unlimited number of physical servers. This guide explains how to move certificate files from one Apache web server to another.
Exporting certificate files from an Apache server is as easy as backing up all the necessary files needed for the SSL installation.
The most convenient way to locate the exact file directories is by checking the VirtualHost section in your main Apache configuration file:
Note: Some instances of Apache may have multiple configuration files, but only one of these configuration files can be used for SSL. All other configuration files that have SSL directives must be commented out.
The certificate chain is a number of certificates, called Intermediate, that connect end-user certificate to Certificate Authority Root by signing one another. The last certificate in chain (Root) should be matched to its copy in browser storage for domain certificate to be trusted.
Note: In some instances of Apache there may be SSLCACertificateFile directive instead.
Another way to have your certificate files backed up and transported from one server to another on the safe side is by creating a PFX backup file.
The PKCS#12 (.pfx) file format includes the private key, the domain’s certificate and the bundle pieced together as a single backup file secured with a password.
In order to create a PFX backup file on your Apache web-server, run the following command in the terminal:
openssl pkcs12 -export -out certificate.pfx -inkey privatekey.key -in certificate.crt -certfile bundle.crt
Where certificate.pfx is your PKCS#12 (.pfx) backup file, privatekey.key is the key file associated with your certificate, certificate.crt your domain certificate and bundle.crt is the Certificate Authority chain file.
At the next step you will be asked to enter the password:
Important! Keep in mind the export password you have entered, otherwise you won’t be able to extract the SSL files.
Note: Exported .pfx file can be used to import the certificate, private key and bundle not only into another Apache instance, but to any other Windows- or Java-based system.
openssl pkcs12 -in certificate.pfx -out certificate.crt –nodes
Where certificate.crt will contain a PEM encoded key, certificate and chain.
It will look like:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
It will look like:
The bundle will look like a chain:
For detailed instructions on how to install SSL certificates for Apache web server, please refer to our Apache installation guide.