[Box Backup] Using already deployed SSL certificates.

[Chris Wilson]

Hi Anton,

On Fri, 31 May 2013, Anton Avramov wrote:

> I have a lot of servers with already deployed 3-years certificates issued by startssl.com used by the webserver in place. I've already
> backed up the private keys securely.
> Is it possible to use the existing certificate/key pair on the machine?

Yes, it is possible, but not really documented, so you'll have to do quite 
a bit of figuring out yourself.

> If so what would happen when the certificate is renewed?

The issue is with renewal of the CA certificates, because I think Box 
Backup can only trust one at a time. It will trust all clients or servers 
whose certificates are signed with the client or server CA key.

> Is my logic correct to assume I'll then also need to backup 
> -FileEncKeys.raw securely in order to be able to restore?

Yes, this is the only file that you need to back up in order to recover 
your data. Certificates can be regenerated, but this key cannot.

Cheers, Chris.
-- 
_____ __     _
\  __/ / ,__(_)_  | Chris Wilson <chris+sig at qwirx.com> Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |