Tenon Intersystems

WebTen

Re: Generate CSR = Not Secure?

To: webten@xxxxxxxxxxxxxxx
Subject: Re: Generate CSR = Not Secure?
From: Jerry Stratton <jerry@xxxxxxxxx>
Date: Fri, 5 Apr 2002 10:26:39 -0800

> I've had a secure server for one year now, and it's time to renew my
>
> The WebTen instructions... say this:
> "A temporary, self-signed certificate (for use while your CSR is being
> processed by the certificate authority) is created and saved.... This file
> should be replaced by the real certificate when one is returned from the
> Certificate Authority."
>
> This implies that my server might no longer be secure until I get the new
> certificate from Verisign. Am I missing something? Is there a trick to
> generating the CSR without destroying the current certificate? Or does the
> new CSR just reside next to my current certificate? I'm reluctant to do this
> before I'm sure it'll work.

First, you need to understand the difference between your key and your
certificate. (And I hope I do, but it can be complicated.)

The certificate "certifies" that your key is valid for your hostname.
Your signature says that you are signing off that your certificate is
valid. This has little to do with how secure your site is, but a lot
to do with how secure people think your site is. Obviously, a
signature that basically says "I am who I say I am, and here I am
saying that I am who I say I am, so it must be true" will be less
trusted than Verisign saying that you are who you say you are :*)

But your data will be encrypted just the same no matter who signs
your certificate. The key is still the same. Similarly, you could go
ahead and post your private key to public newsgroups the day after
Verisign signs your certificate. Your site is about as secure as a
Windows client in a public lab, but it will "look" secure to people
visiting it :*)

However, second, those instructions look like they're for your first
time. Whenever I renew, I leave my old key/certificate in place until
I get the new certificate from Verisign. As long as I remember to
renew *before* the old certificate "runs out", this isn't a problem.

Of course, I do it all from the command line, not in Webten's UI (I
don't use Webten for secure serving). But (a) their UI should include
this option, and (b) even if it doesn't, your site is still as
secure. It just doesn't necessarily look like it is to your visitors
(which is sometimes very important, sometimes less so).

Jerry
--
jerry@xxxxxxxxxxxx
http://www.sandiego.edu/~jerry/
Serra 188B/x8773
--
The more restrictions there are, the poorer the people become. The
greater the government's power, the more chaotic the nation would
become. The more the ruler imposes laws and prohibitions on his
people, the more frequently evil deeds would occur.
--The Silence of the Wise: The Sayings of Lao Zi
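
The renewal approach in the message above (leave the old key/certificate in place until the new certificate arrives), sketched with the OpenSSL command line as an added example that is not part of the original message or of WebTen's tooling. The hostname, file names and the self-signed stand-in for the live pair are constructed, and the sketch assumes a new key is generated for the renewal; a CSR can also be made from the existing key.

```sh
#!/bin/sh
# Added example; hostname and file names are constructed placeholders.

# Print the PEM public key held in a private key, CSR or certificate.
pubkey_of() {  # usage: pubkey_of key|req|x509 FILE
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        req)  openssl req  -in "$2" -noout -pubkey ;;
        x509) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

# Create a fresh key and CSR for host $1 in directory $2.
# The live key/certificate are never opened, so serving is unaffected.
new_csr() {
    mkdir -p "$2" || return 1
    ( umask 077   # private key readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
          -keyout "$2/new.key" -out "$2/new.csr" 2>/dev/null )
}

# True if certificate $1 is still valid $2 days from now.
valid_in_days() { openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null; }

# True only if certificate $1 carries the public key of private key $2.
cert_matches_key() {
    c=$(pubkey_of x509 "$1"); k=$(pubkey_of key "$2")
    [ -n "$c" ] && [ "$c" = "$k" ]   # an unreadable file never counts as a match
}

# Constructed stand-in for a server's current pair: self-signed, 30 days left.
make_live_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$2/live.key" -out "$2/live.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_live_pair www.example.test "$d"
    valid_in_days "$d/live.crt" 60 || echo "live cert expires within 60 days: renew now"
    new_csr www.example.test "$d/renewal"
    cert_matches_key "$d/live.crt" "$d/live.key" && echo "live pair untouched by the CSR"
    # Self-signing the CSR stands in for the certificate the CA would return.
    openssl x509 -req -in "$d/renewal/new.csr" -signkey "$d/renewal/new.key" \
        -days 365 -out "$d/renewal/new.crt" 2>/dev/null
    cert_matches_key "$d/renewal/new.crt" "$d/renewal/new.key" && echo "new cert pairs with new key"
    cert_matches_key "$d/renewal/new.crt" "$d/live.key" || echo "new cert needs the new key installed with it"
    rm -rf "$d"
}
demo
```

Running `cert_matches_key` on the returned certificate before swapping files catches the case where the certificate was issued for a different CSR than the key about to be installed.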


Copyright©2003 Tenon Intersystems, 232 Anacapa Street, Suite 2A, Santa Barbara, CA 93101. All rights reserved.