Transfer a SSL cert from another web host to FQ


kitchin
04-16-2004, 01:53 PM
Well, the subject says it all. Yes, it is impossible.

The former web host is a Thawte reseller, so we cannot do anything through Thawte directly. By coincidence, the cert is expiring this weekend, but that is no help either. Thawte refuses to move it from the reseller channel to their own direct channel, so that we could pay Thawte directly. I have contacted the old web host, Thawte and FQ, and nobody has an answer. There's a reason... The cert is supposed to certify you're on the right server! If the thing wasn't expiring this weekend, I imagine it would be even more difficult. As it is, a new cert is only slightly more expensive than renewal (through Thawte directly), so we'll get stuck with that and Rich's CSR charge and FQ's setup charge. Par for the course. Weird, though, that no one seems to have a better answer. Both web hosts run the same software, Apache/mod_SSL!

Anyway, someone tell me getting a new cert is going to be easy! Last time I looked into it, I think Verisign wanted me to get a Dow Jones number for that company. It looks like Thawte just wants the CSR and some moolah ($).

By the way, the prices on the FQ knowledgebase (http://service.futurequest.net/index.php?_a=knowledgebase&_j=questiondetails&_i=70) are out-of-date. Thawte charges $199, not $125.

Rich
04-16-2004, 03:17 PM
> There's a reason... The cert is supposed to certify you're on the right server!

Well, not exactly. :)

The cert performs 2 functions:

(1) Provides the public key used to encrypt the data transferred between a visitor's browser and your server.

(2) Confirms that the domain name is owned and operated by the party represented by the certificate.

Since SSL communication requires both a private key and a public key (the cert), the biggest issue of transferring between hosting facilities would be how to securely transfer the private key so that the integrity of that key is maintained. Beyond this it is also important that the SSL software used by both hosting companies is the same so that the private key will work on both sites.

> Anyway, someone tell me getting a new cert is going to be easy!

The only thing I can tell you is that the easier it is to get your cert, the less secure it is. This is because part of the certification process is to confirm that you are, in fact, who you claim you are.

It has been my experience that all of the CAs continually modify their underwriting procedures, so just because someone says "xyz was really easy to get a cert from last year" does not mean that is the case today. Also, how much underwriting is required is determined by where you are located, the type of organization you have, etc.

All in all, it is best to view your SSL service much like you would a bank account. You can't just call one bank and ask them to go get your money from the other bank. Instead, you have to close one account, withdraw your funds, apply for a new account and re-deposit the funds.
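
The post above turns on the private key and the certificate being two halves of one pair. As an added example that is not part of the original thread, this shell sketch checks that a key file copied to a new host still belongs to the certificate by comparing the public key derived from each; the file names, the `shop.example` subject and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: does this private key belong to this certificate?
# Useful after copying the pair between Apache/mod_ssl hosts.

# Public key (PEM) embedded in a certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from a private key.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Returns 0 on match, 1 on mismatch, 2 if either file is unreadable.
key_matches_cert() {
    local from_key from_cert
    from_key=$(key_pubkey "$1")   || return 2
    from_cert=$(cert_pubkey "$2") || return 2
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Build constructed sample files: one matching pair and one unrelated key.
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=shop.example" \
        -keyout "$1/moved.key" -out "$1/moved.crt" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.key" 2>/dev/null
    chmod 600 "$1/moved.key" "$1/other.key"   # key files stay owner-only
}

demo_dir=$(mktemp -d)
make_demo_files "$demo_dir"

if key_matches_cert "$demo_dir/moved.key" "$demo_dir/moved.crt"; then
    echo "moved.key matches moved.crt"
fi
if ! key_matches_cert "$demo_dir/other.key" "$demo_dir/moved.crt"; then
    echo "other.key does not match moved.crt"
fi
```

A mismatch after a transfer means the wrong key file was copied or the file was altered on the way, and the server will not be able to serve that certificate.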

kitchin
04-16-2004, 09:29 PM
Thanks, Rich.