Author Topic: Restore SSL certificate after disaster recovery  (Read 11566 times)

Offline bethverish

  • Newbie
  • *
  • Posts: 4
Restore SSL certificate after disaster recovery
« on: October 16, 2006, 03:56:55 PM »
Greetings,

I am creating procedures for disaster recovery.  I have a MS IIS web site that is secured with a Comodo wildcard cert.  If I lose my server and need to perform a bare metal restore my application requires a fresh install of the OS and application and then load a backup of the app. 

I have a few questions on this:

1.  Can I restore the same certificate that I used before if I have a vaild backup? 
2.  How do I backup my wildcard Comomdo cert?  Backup of the private key and certificate?
If I understand the instructions below the backup up the private key can only be done using the cert. request?


Thanks,

Beth
------------------------------
From Comodo FAQ website:
How do I back up my private key in IIS 5?
Start, run, type mmc
Go into the Console Tab, Add/Remove Snap in
Click on Add, Double Click on Certificates and Click on Add > OK
Choose Computer Account
Choose Local Computer
Open up the Certificates Consol Tree
Look for a folder labelled REQUEST, then select Certificates
Highlight the key that you wish to back up
Right click on the file and choose, All Tasks, Export
Follow the Certificate Export Wizard
Choose to mark the Private key as exportable
Leave default settings
Choose to save file on a set location.
Click Finish
You will get message that the export was successful
Note: Once the Pending Request is completed the Key is no longer available

Offline Rich_S

  • Comodo Staff
  • Comodo Family Member
  • *****
  • Posts: 52
Re: Restore SSL certificate after disaster recovery
« Reply #1 on: October 16, 2006, 05:00:36 PM »
Actually that procedure is for backing up the Private key prior to actually installing the certificate.  See the attached doc for backing up the certificate with the private key, as well as restoring the certificate from backup.
Regards,
Rich
Validation Manager - Comodo
http://ssl.comodo.com

Offline bethverish

  • Newbie
  • *
  • Posts: 4
Re: Restore SSL certificate after disaster recovery
« Reply #2 on: November 07, 2006, 06:05:01 PM »
Thanks Rich,

The procedure says I also need to save AddTrustExternalCARoot.crt, and the UTNUserFirstHardware.crt.  I export these, correct?  I do not see how to copy. 

Thanks,

Beth

Offline bethverish

  • Newbie
  • *
  • Posts: 4
Re: Restore SSL certificate after disaster recovery
« Reply #3 on: November 07, 2006, 06:09:52 PM »
Sorry forgot to ask about what format in export should be used.

DER encoded binary X.509 (.CER)
Base-64 encoded X.509 (.CER)
Crytographic Message Syntax Standard - PKCS #7 Certificates (.P7B)

Thanks!

Offline garry

  • Retired Staff
  • Comodo's Hero
  • *****
  • Posts: 410
Re: Restore SSL certificate after disaster recovery
« Reply #4 on: November 08, 2006, 05:46:50 AM »
Hi,

You will need to back it up as a PKCS#12 (pfx) file.
Which will only be available if you export the Private Key at the same time.

Remember to take the option 'Include all certificates in the certification path if possible'.
This will then include the AddTrustExternalCARoot.crt, and the UTNUserFirstHardware.crt in the backup.

Garry

Offline bethverish

  • Newbie
  • *
  • Posts: 4
Re: Restore SSL certificate after disaster recovery
« Reply #5 on: November 15, 2006, 07:09:40 PM »
Garry,

Thanks for the info.  Are you familiar with the document Rich referenced? (http://forums.comodo.com/index.php?action=dlattach;topic=3317.0;attach=1081)  It states to copy the AddTrustExternalCARoot.crt, and the UTNUserFirstHardware.crt as part of the procedure.

If I check the option 'Include all certificates in the certification path if possible' will that include the AddTrustExternalCARoot.crt, and the UTNUserFirstHardware.crt certificates as well?

Sorry for all the questions, I just want to make sure I can recover the wildcard certificate before I blow it away and test the restore procedure.

Beth

Offline garry

  • Retired Staff
  • Comodo's Hero
  • *****
  • Posts: 410
Re: Restore SSL certificate after disaster recovery
« Reply #6 on: November 16, 2006, 07:35:10 AM »
Hi,

If you have the AddTrustExternalCARoot.crt, and the UTNUserFirstHardware.crt already installed on the machine you are exporting from then they will be included in the export when you select 'Include all certificates in the certification path if possible'.

Garry

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek