-1

I have a domain registered with namecheap and server instance is aws ec2 (windows machine running node js) , cname record pointing to ec2 instance's public ip.

Now i want to configure ssl on it , I already have a Positive SSl(comodo) in my namecheap product list, which says Enter CSR.

However for some reasons I may need to change my ec2 instance, which inturn will change it's public ip, in that case will that CSR or ssl cert become invalid ?

If yes then is there any workaround ?

For generating csr i found this link

Sorry if it's something pretty basic but I am new to this

Thanks

EDIT: If possible Plz point me to some good resources where I can understand all this

Aishwat Singh
  • 101
  • 4

2 Answers2

3

Your certs are tied to the host names you supply and are therefore independent of the IP address of the machine they are used on.

user9517
  • 114,104
  • 20
  • 206
  • 289
  • so if my domain is xyz.com , csr will depend only on xyz.com not the ec2 instance public ip or dns? Also is it necessary to generate csr on ec2 server , can i generate it on my local machine and then put it on instance ? – Aishwat Singh Feb 05 '16 at 08:16
  • Yes. Yes and make sure you keep the files safe. – user9517 Feb 05 '16 at 08:31
2

It depends what you mean by change the instance. If you resize your current instance then you should be fine. If you migrate your instance (because it can't be resized) then you should make sure that you take your private key with you.

If you don't you'll still be able to apply for a certificate for with the CSR, but the returned certificate won't be of any use without its private key.

Also note that for SSL/TLS most CSRs and certificates will have DNS names as their Common Name or Subject Alternate Names, which shouldn't change when you resize, but there is nothing wrong with having IP addresses for these, in which case your returned certificate will not be of any use if you IP address changes.

garethTheRed
  • 4,009
  • 13
  • 20
  • By change the instance i mean , it's public ip and public dns will change and not resize. So even if it changes as long as i have private key, i am good ? right ? – Aishwat Singh Feb 05 '16 at 08:21
  • What do you mean by "public DNS will change" ? If your DNS name changes, then the CSR is no good and you'll need to create a new CSR with the new name. In that instance, you could reuse the old private key, but there's no reason to do so. Just create a new one. – garethTheRed Feb 05 '16 at 08:37
  • It's getting a lil confussing , by "public DNS change" i mean dns of ec2 , not my domain , in namecheap i set cname record to dns of ec2. And i am not worried about csr , am worried , vl i have to pay money again to buy a new ssl ? – Aishwat Singh Feb 05 '16 at 08:51