Importing SSL certificates on Win2k3 / IIS 6.0


As part of a large site migration, I need to copy over numerous (about 50) SSL certificates for different sites.

I have tried to export them on the current server and then import them on the new server, with no success. I can get everything to load and work correctly, but if I run SSLDiag on the new server, I get the error "#WARNING: You DON'T have a private key that corresponds to this certificate".

I can't find any way to import the key along with the certificate. Do I need to renew each certificate, and if so, is this something that would cost money?

Edit: these servers do not have the connectivity required to use the "copy or move cert" option in the SSL wizards.

Edit2: By renewing the cert, does it invalidate the one on the old server?

Best Answer

if I run SSLDiag on the new server, I get the error "#WARNING: You DON'T have a private key that corresponds to this certificate". [...] I can't find any way to import the key along with the certificate.

I do not know the specifics of IIS, but yes, you positively need both the (public) TLS (SSL) certificate and the (private) key. If the server does not have the private key, it cannot use the corresponding certificate; that's just how TLS works. There has to be a way to export both, you'll have to dig in the manuals :-).

Do I need to renew each certificate, and if so, is this something that would cost money?

No, certificate renewal has nothing to do with moving servers. You can just copy the public and private certs/keys. Of course, the TLS certificate is tied to a specific domain name, so if the domain name changes, you need a new cert (not just a renewal).

By renewing the cert, does it invalidate the one on the old server?

What do you mean by "invalidate"? A TLS certificate cannot be invalidated; it can only be revoked by the issuing authority. That is something they could do if you renew, but I've never heard of any issuer that actually does this. So you can continue using the old cert even after a renewal.
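The answer is right that the private key has to travel with the certificate; on Windows the container that carries both is a password-protected PFX (PKCS#12) file. The script below is an added example, not from the question or the answer, showing the export-with-key / import / verify cycle with the tools that ship with Windows Server 2003. It assumes PowerShell 2.0 (installable on Win2k3 SP2), certutil.exe in the path, and that the site certificates live in the Local Machine Personal ("My") store; the export directory, password and thumbprint are placeholders.

```powershell
# Added example (not from the original post). Assumes PowerShell 2.0, certutil.exe
# from Windows Server 2003, and certificates in the LocalMachine\My store.
# $exportDir and $pfxPassword are placeholders; pick a strong one-time password
# and delete the PFX files once the import has been verified.
$pfxPassword = 'ChangeMe-OneTime'   # placeholder
$exportDir   = 'C:\certmigration'   # placeholder

# --- On the OLD server: export every certificate that has a private key ---
# A plain .cer export (what the IIS wizard produces by default) carries only the
# public certificate; -exportPFX bundles the private key as well.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadOnly')
foreach ($cert in $store.Certificates) {
    if (-not $cert.HasPrivateKey) { continue }   # skip CA / intermediate certs
    $file = Join-Path $exportDir ($cert.Thumbprint + '.pfx')
    # Fails if the key was generated as non-exportable; in that case the
    # certificate has to be re-issued on the new server instead.
    & certutil.exe -p $pfxPassword -exportPFX My $cert.Thumbprint $file
}
$store.Close()

# --- On the NEW server: import each PFX (certificate + key) into the machine store ---
Get-ChildItem (Join-Path $exportDir '*.pfx') | ForEach-Object {
    & certutil.exe -p $pfxPassword -importPFX $_.FullName
}

# --- Verify: this is the same condition SSLDiag's "no private key" warning checks ---
function Test-PrivateKeyPresent {
    param([string]$Thumbprint)
    $s = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
    $s.Open('ReadOnly')
    $c = $s.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint }
    $s.Close()
    if ($c -eq $null) { return $false }       # certificate not imported at all
    return [bool]$c.HasPrivateKey             # $false reproduces the SSLDiag warning
}

# Example check against a placeholder thumbprint (replace with a real one)
Test-PrivateKeyPresent -Thumbprint 'PLACEHOLDER_THUMBPRINT'
```

The MMC Certificates snap-in export wizard produces the same PFX when "Yes, export the private key" is selected, so the certutil step can be done by hand for a handful of certificates. After the import, each IIS 6 site still has to be pointed at the certificate again (Directory Security tab, Server Certificate, "Assign an existing certificate"), because the site-to-certificate binding is stored per site in the IIS metabase rather than in the certificate store; re-running SSLDiag afterwards confirms that the warning is gone.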
