We're swicthing from an OSCommerce website to Magento and are also swicthing servers. The old server is on Apache and our new one is on NGINX. The SSL certificate we have seems to have been purchased from GODADDY.
I've almost figured out how to switch our SSL certifcate from our old server to our new server. But have a few questions?
1. REKEY CERTIFICATE
I've discovered three types of SSL files from the old OSCommerce site apache virtual host:
SSLCertificateFile /etc/apache2/ssl/11-2013/09********ss.crt
SSLCertificateKeyFile /etc/apache2/ssl/11-2013/server.key
SSLCertificateChainFile /etc/apache2/ssl/11-2013/gd_bundle.crt
Can I just copy these to a location on the new server and reference them in the NGINX configuration file? Or do I need to generate a new ssl key, re-key the crt file(which one)?
2. NGINX CONFIGURATION The NGINX configuration only seems to need reference to two files Apache does?
# Specify path to your SSL certificates.
#ssl_certificate /etc/nginx/certificates/yourcertificate.crt;
#ssl_certificate_key /etc/nginx/certificates/yourcertificate.key;
Which CRT file should I reference for NGINX, what about the other one?
3. SSL 3.0 & SHA1 When I check our site on DigiCert's SSL checker it says:
Protocol Support
TLS 1.0, SSL 3.0
SSL 3.0 is an outdated protocol version with known vulnerabilities.
SSL certificate
Common Name = ourdomain.com
Subject Alternative Names = ourdomain.com, www.ourdomain.com
Issuer = Go Daddy Secure Certification Authority
Serial Number = *****************
SHA1 Thumbprint = ***************************
Key Length = 4096 bit
Signature algorithm = SHA1 + RSA (deprecated)
Secure Renegotiation: Supported
How do I ensure we are using the correct protocol & SHA? Is this something I change in the new nginx configuration file?