Moving servers and IPs will change. Do SSL certificates need to be re-issued and installed?
We are moving servers to another facility with a different block of IP addresses. Will we need to get new SSL certificates issued and installed once the move has taken place?
If so, is there any way to get prepared for this before the server is moved instead of waiting for it to boot up to then go through the process of requesting from IIS, going to certificate vendor, etc?
ssl-certificate
asked Nov 5 '09 at 14:08
dmr83457
3 Answers
Most (I think ALL) SSL certificates are domain-name-based, so there should be no need to get a new certificate as long as the hostname of the server will be the same after the move.
It will require a DNS change, timed with the move, however.
answered Nov 5 '09 at 14:14
Vatine
No, SSL is tied to the domain name, not the public IP address. For your prep though, you should set your DNS TTL to be low, so that propagation is quick.
The only time SSL and IP clash is when you are working with multiple SSL certs on a single IIS box.
6 years later, I wanted to add a quick edit to this one. I know the question wasn't about assigning an SSL cert to an IP, but that is possible.
"An SSL certificate is typically issued to a Fully Qualified Domain Name (FQDN) such as 'https://www.domain.com'. However, some organizations need an SSL certificate issued to a public IP address. This option allows you to specify a public IP address as the Common Name in your Certificate Signing Request (CSR). The issued certificate can then be used to secure connections directly with the public IP address (e.g., https://123.456.78.99.)."
edited Feb 13 '15 at 16:20
answered Nov 5 '09 at 15:27
DanBig
I didn't choose your answer as THE answer but I appreciate the extra advice on TTL.
– dmr83457
Nov 5 '09 at 21:55
So if the IP changes and I have a cert bound to the IP, I still can use the cert?
– user3123159
Apr 5 '18 at 15:11
SSL certificates are tied to a single IP address insofar as you can only have one certificate bound to a given IP address. The certificates themselves are expected to match the Common Name (CN), which is typically the hostname entered into DNS and configured for the service (IMAP, HTTPS, SMTP, etc).
That said, the moving of servers and changing the IP address is not a problem so long as you take the necessary steps to update the DNS for the respective hostname entry to point to the new IP address. As mentioned, you can limit the potential time by lowering the TTL so that the change propagates quickly; you can also make the DNS IP address change before actually moving the server so the update will go into effect before the change, thus lowering the possible unreachability.
answered Nov 5 '09 at 16:20
Jeremy Bouse
Can you clarify what you mean by "you can also make the DNS IP address change before actually moving the server"? If I have a website https://www.hello.com hosted on a server at 12.34.56.78 and want to move it to a new server at 90.12.34.56, why would I update the DNS record for www.hello.com to point to 90.12.34.56 before having finished migrating the application and data to the new server?
– mpavey
Sep 13 '18 at 19:35
Almost 10 years after the original answer... I guess he meant that you could set up a temporary redirect at the new IP until the move is done.
– aanders77
May 12 at 16:37
@mpavey I think he was assuming that the server was to be physically relocated, not contents copied from old server to new server. By setting the DNS to the new IP when you move out of the old server room, it will have had time to propagate by the time you power up the server in the new server room, thereby minimizing the downtime.
– Kidquick
May 22 at 18:32
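
The distinction the answers draw between name-based certificates and certificates issued to an IP address, as an added example that is not part of the original thread: a Python check that takes a certificate in the dict shape returned by `ssl.SSLSocket.getpeercert()` and reports whether an address change alone forces reissuance. The sample certificates, hostnames and addresses are constructed, and the function names and verdict strings are illustrative.

```python
import ipaddress

# Constructed sample certificates in the dict shape ssl.SSLSocket.getpeercert() returns.
NAME_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
}
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}
# Legacy style from the quoted CA text: public IP as the Common Name, no SAN.
IP_CN_CERT = {"subject": ((("commonName", "192.0.2.10"),),)}
IP_SAN_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("IP Address", "192.0.2.10")),
}


def _as_ip(value):
    """Return an ipaddress object if value is an IP literal, else None."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def cert_identities(cert):
    """Split the identities a certificate asserts into (dns_names, ip_addresses)."""
    dns, ips = set(), set()
    san = cert.get("subjectAltName", ())
    for kind, value in san:
        ip = _as_ip(value) if kind == "IP Address" else None
        if ip is not None:
            ips.add(ip)
        elif kind == "DNS":
            dns.add(value.lower())
    if not san:
        # No SAN at all: fall back to the Common Name, as older clients did.
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    ip = _as_ip(value)
                    if ip is not None:
                        ips.add(ip)
                    else:
                        dns.add(value.lower())
    return dns, ips


def name_matches(pattern, hostname):
    """'*' is honoured only as the entire left-most label and covers one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def migration_verdict(cert, hostname, old_ip, new_ip):
    """Classify what an address change from old_ip to new_ip means for this cert."""
    dns, ips = cert_identities(cert)
    old, new = ipaddress.ip_address(old_ip), ipaddress.ip_address(new_ip)
    if old in ips and new not in ips:
        # The certificate names the old address; clients that connect by IP
        # will see a mismatch at the new one, even if by-name clients are fine.
        return "reissue-ip"
    if new in ips or any(name_matches(p, hostname) for p in dns):
        return "reuse"  # hostname (or new address) is covered; only DNS changes
    return "name-mismatch"  # cert never covered this hostname, move or no move


if __name__ == "__main__":
    for label, cert in [("name", NAME_CERT), ("wildcard", WILDCARD_CERT),
                        ("ip-cn", IP_CN_CERT), ("ip-san", IP_SAN_CERT)]:
        print(label, migration_verdict(cert, "www.example.com",
                                       "192.0.2.10", "198.51.100.20"))
```

Running the same check against the certificate actually installed on the server before the move shows whether any IP identity is present and would need a new certificate ordered in advance.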