Posted to users@tomcat.apache.org by Antonio Fiol Bonnín <fi...@terra.es> on 2004/02/25 08:00:03 UTC
Re: Rollover Web Certificate
paul.spinelli@notes.tcs.treas.gov wrote:
>Wondering if anybody has experienced a web cert expiring in their keystore. If
>so, I was wondering how you go about replacing it without bringing down the
>server. Can you simply create a new certificate (in a different keystore, I'd
>imagine) then get it signed via the CSR, then import the new one into the
>original keystore, overwriting the current about-to-expire certificate? I don't
>think this would work though because the private keys would be different in the
>two keystores. So you'd have to do this whole process in a new keystore and then
>bounce Tomcat and have it point to the new keystore.
>
>
When you renew a certificate, you are supposed to use the same private
key you used the first time.
-- Google: SSL Certificates HOWTO.
Other than that, is it so bad to restart a server? I'd bet the keystore
is only read at the connector init, and not re-read later. But I have
not seen the code, so maybe someone will correct this.
Antonio Fiol
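
The in-place renewal discussed in this thread, written with the JDK `keytool` as an added example (it is not part of the original messages). The function names, the alias and file arguments, and the `STOREPASS` environment variable are assumptions; the issuing CA certificate is assumed to be in the keystore already as a trusted entry.

```shell
#!/bin/sh
# Renew the certificate of an existing key entry without generating a new key.
# Assumptions: keytool (JDK) is on PATH; the keystore password is exported as
# STOREPASS and read via :env so it does not appear in the process list; the
# issuing CA certificate is already in the keystore as a trusted entry.

# make_csr KEYSTORE ALIAS CSR_OUT
# Builds a CSR from the private key already stored under ALIAS.
make_csr() {
    keytool -certreq -alias "$2" -keystore "$1" \
        -storepass:env STOREPASS -file "$3"
}

# install_reply KEYSTORE ALIAS CERT_FILE
# Replaces the certificate chain of ALIAS with the CA's reply. keytool
# rejects the reply if its public key does not match the stored private key.
install_reply() {
    keytool -importcert -alias "$2" -keystore "$1" \
        -storepass:env STOREPASS -file "$3" -noprompt
}

# cert_fingerprint KEYSTORE ALIAS
# Prints the fingerprint line of the certificate currently bound to ALIAS.
cert_fingerprint() {
    keytool -list -alias "$2" -keystore "$1" -storepass:env STOREPASS |
        grep -i 'fingerprint'
}

# entry_type KEYSTORE ALIAS
# Prints PrivateKeyEntry or trustedCertEntry for ALIAS.
entry_type() {
    keytool -list -alias "$2" -keystore "$1" -storepass:env STOREPASS |
        grep -o -E 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}
```

A reply issued for a CSR that came from a different keystore fails at `install_reply`, which is the mismatch the original question anticipates.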