CEIR
New

Transfer SSL certificate from one GoDaddy account to another

Hi.

We have an ex-colleague who created a wildcard SSL certificate for us using his GoDaddy account but he has moved on to another company.

We have created a new GoDaddy account and want to transfer the SSL certificate to our account since we want to manage payments and renewals etc ourselves.

I have seen this: https://www.godaddy.com/community/SSL-And-Security/Transfer-SSL-cert-to-another-Godaddy-account/td-p...

However, we cannot afford any downtime.

We usually generate an updated certificate before its expiry so that we have time to configure it on various systems.

Is there any alternative method?

Is it possible for the current owner of the SSL certificate to transfer it to us?

Note that the domain in question is not registered on GoDaddy.

 

We do have access to the DNS for the domain.

Is it possible to just create a new wildcard SSL certificate from our account say one week before the current SSL cert expires?

Or will GoDaddy see that there is already an SSL cert for that domain on our ex colleague's account and prevent us from proceeding?

 

1 ACCEPTED SOLUTION
dc352
Resolver III

Hey,

 

ah - actually two aspects - ownership of the certificate and potentially moving to another server.

 

For the ownership ...

- you don't have to do anything. When the cert is about to expire, you simply request a new one from a new GoDaddy account. The existing cert is just a file and as long as you have access to it, you don't have to do anything.

 

Renewals require you to prove you own the domain name - which you can do as the domain name belongs to you. (Anyone who can control the domain name or servers using the domain name can request a new certificate - there is no firm link to a GoDaddy account.)

 

PS: Important! You should transfer the domain name away from your ex-employee account. This is a MUST as the owner of the domain name can validate new certificates.

 

 

 

For transferring the cert to a new server ...

If you have the actual certificate and its private key in files then you can simply install them to a new server, test that the new server / IP address is correctly configured, and then simply update the DNS records to point to the new server. Once the new DNS has propagated (if in no hurry, I would leave the old server up for a couple of days), you can switch off the old server.

 

You should be able to do that with zero downtime.

 

The files you need:

- Linux systems - "pem files", which are text files - at least 2 files needed - "bundle/chain" and "privatekey". You can also have something like "certificate" and "intermediate" certs instead of the bundle.

- Windows - pfx file - you can export it from Windows cert management console - e.g. MMC. Make sure you export including private key - you have to be asked to provide a password.

 

Once you change DNS records, you can renew the cert as if you requested a new one. 

 

Dan

 

———

I've worked around (not only) SSL security for over 20 years in enterprises and startups. 

I am now running an HTTPS expiry management service KeyChest.net
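
The pre-cutover test mentioned in the answer above ("test that the new server / IP address is correctly configured"), as an added example that is not part of the original post: it connects to the new server by IP while sending the real hostname as SNI, so the certificate and chain are verified before any DNS record changes. The function names, the script name in the usage comment and the 7-day window are assumptions made for illustration.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 7  # assumption: the "one week before expiry" from the question


def days_left(not_after, now):
    """Whole days from `now` to a notAfter string in getpeercert() format."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days


def covers(hostname, san_names):
    """True if a SAN entry matches; a wildcard stands for exactly one left-most label."""
    host = hostname.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else None
    for name in (n.lower() for n in san_names):
        if name == host or (name.startswith("*.") and name[2:] == parent):
            return True
    return False


def check_new_server(ip, hostname, port=443):
    """TLS handshake with the new server by IP, sending `hostname` as SNI, before DNS changes.

    The default context verifies chain and hostname, so a missing intermediate
    ("bundle/chain") or a wrong certificate raises ssl.SSLCertVerificationError.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((ip, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    remaining = days_left(cert["notAfter"], datetime.now(timezone.utc))
    return {"covers_host": covers(hostname, sans), "days_left": remaining,
            "renew_now": remaining <= RENEW_WINDOW_DAYS}


if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python check_cutover.py <new-server-ip> <hostname>
    print(check_new_server(sys.argv[1], sys.argv[2]))
```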

 


3 REPLIES 3

I've updated my previous answer as I realized the question was more about the "ownership" of the certificate rather than installing the cert to a new location.

Dear Dan,

Many thanks for your response.

Indeed, I know that to create an SSL cert, at some point you are normally asked to prove ownership of the domain by creating a DNS record.
But I wanted to confirm if GoDaddy does any additional checks to see if it is already present on another account.
As I said, we own the domain and have control over its DNS, so if we need to create any record to prove ownership, it will not be a problem.
Like you said, the best course of action is to just create a new wildcard SSL on our own account just before the current one expires.