2

My RapidSSL Certificate is about to expire and I need to renew it. From what I understand, I can use the existing signature (less secure) or generate a new request. In either case, once I install the new key, is there any chance that browsers will display a warning or error message to users saying that the SSL cert has changed?

Also, I have some automated programs that SFTP information to my server every morning. Will they get a message that the server's signature has changed and manually need to accept?

Thanks

2 Answers2

1

1) The browsers won't balk at the new certificate as long as it's signed by a trusted authority, so if you buy it from one of the regular channels, or sign it using an in-house CA that your browsers trust, then you're fine

2) sftp deals with the certificates that are part of the SSL/SSH subsystem, not the apache certificates, so it will be unaffected.

Matt Simmons
  • 20,584
0

The only warnings users might get is if your new cert has a begin date before you start using it or if they have set a security exception for that particular cert (possible if they don't trust the RapidSSL root cert). Otherwise I'd just get a new cert using the old private key, install it, and call it a day.

I haven't dealt with RapidSSL before, but every other cert vendor I have dealt with sets the begin date to the moment the cert is issued. The end date is either X years after the being date; or X years after the old expiry date if you're renewing.

Chris S
  • 78,455