Rollover Web Certificate

2004-02-24 Thread paul . spinelli




Hi,

Wondering if anybody has experienced a web cert expiring in their keystore. If
so, I was wondering how you go about replacing it without bringing down the
server. Can you simply create a new certificate (in a different keystore, I'd
imagine) then get it signed via the CSR, then import the new one into the
original keystore, overwriting the current about-to-expire certificate? I don't
think this would work though because the private keys would be different in the
two keystores. So you'd have to do this whole process in a new keystore and then
bounce Tomcat and have it point to the new keystore.

Thanks,
Paul






Re: Rollover Web Certificate

2004-02-24 Thread Antonio Fiol Bonnín
[EMAIL PROTECTED] wrote:

> Wondering if anybody has experienced a web cert expiring in their keystore. If
> so, I was wondering how you go about replacing it without bringing down the
> server. Can you simply create a new certificate (in a different keystore, I'd
> imagine) then get it signed via the CSR, then import the new one into the
> original keystore, overwriting the current about-to-expire certificate? I don't
> think this would work though because the private keys would be different in the
> two keystores. So you'd have to do this whole process in a new keystore and then
> bounce Tomcat and have it point to the new keystore.

When you renew a certificate, you are supposed to use the same private 
key you used the first time.
 -- Google: SSL Certificates HOWTO.

Other than that, is it so bad to restart a server? I'd bet the keystore 
is only read at the connector init, and not re-read later. But I have 
not seen the code, so maybe someone will correct this.

Antonio Fiol
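
The key-match concern raised in this thread can be checked before the live keystore is touched. The following is an added example, not part of either post: it compares the public key in the expiring certificate with the one in a renewed certificate using openssl. The test CA, subjects and file names are constructed, and it assumes both certificates are available as PEM files (for a Java keystore, `keytool -exportcert -rfc` produces one).

```shell
#!/bin/sh
# Added example; the CA, subjects and file names below are constructed test data.

# Print the SHA-256 fingerprint of the public key inside a PEM certificate.
spki_fp() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if both certificates carry the same public key, which is what
# lets a renewed certificate replace the old one on the existing key entry.
same_key() {
    a=$(spki_fp "$1") || return 2
    b=$(spki_fp "$2") || return 2
    [ "$a" = "$b" ]
}

# sign_csr DIR CSR CERT SERIAL DAYS: sign DIR/CSR.csr with the test CA.
sign_csr() {
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -set_serial "$4" -days "$5" -out "$1/$3.pem" 2>/dev/null
}

# Build sample data in DIR: a test CA, two keys and three certificates.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" \
        -out "$1/ca.pem" -subj "/CN=Constructed Test CA" -days 30 2>/dev/null
    for k in server other; do
        openssl genrsa -out "$1/$k.key" 2048 2>/dev/null
        openssl req -new -key "$1/$k.key" -subj "/CN=www.example.test" \
            -out "$1/$k.csr"
    done
    sign_csr "$1" server old 1 1        # certificate about to expire
    sign_csr "$1" server renewed 2 365  # renewal, CSR from the same key
    sign_csr "$1" other rekeyed 3 365   # renewal, CSR from a new key
}

demo=$(mktemp -d)
make_samples "$demo"
for c in renewed rekeyed; do
    if same_key "$demo/old.pem" "$demo/$c.pem"; then
        echo "$c.pem: same key as old.pem, can replace it on the existing entry"
    else
        echo "$c.pem: different key, needs the keystore holding its own private key"
    fi
done
rm -rf "$demo"
```

For a keystore-held key, the CSR for the renewal comes from `keytool -certreq` on the existing alias, so the signed reply passes this check.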