6

I have a Linux-based vendor-supplied virtual appliance that uses OpenSSL to manage certificates. The current server certificate is from Symantec so has to be replaced with a DigiCert. DigiCert is offering free replacements to existing customers using the same key pair - however, they are not accepting CSR's to do that. Instead, our DigiCert admin. is providing the replacement certificate as a Base64 .cer file.

All of the articles I have found talk about using a new CSR with the same keys but nothing about this specific case.

So how do I go about using OpenSSL to accept the new .cer file and associate it with the existing private key? I have all the relevant passwords/passphrases, etc.

user339468
  • 163
  • 3

2 Answers2

2

So how do I go about using OpenSSL to accept the new .cer file and associate it with the existing private key? I have all the relevant passwords/passphrases, etc.

You don't need to "associate" the new certificate with the existing private key because it already is. The CA simply used the public key in the existing certificate (where your private key is for) for the new certificate. And since the public key is still the same even if the certificate has been changed the private key is the same too.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
1

I imagine you just drop the new .cer file over top of the old one on the file system, ... and you're done. Shouldn't need to change anything else.

Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207