Hi,

Adding more clarification for ease below.

1) create keystore.jks with self signed cert (alias tomcat).
2) generate old.csr and send for signing to CA
3) get back new.cer (signed certificate) and root.cer (root certificate)
4) delete existing cert from keystore.jks (alias tomcat)
5) import root cert (alias root)
6) import new cert (alias tomcat)

From server.xml now, in the connector entry for SSL, use alias tomcat to refer to
it.  Earlier, when there was only tomcat (no root), the alias might not have
been needed, but now since there are two certs we need the alias.

Regards,

Miten.


On Thu, Jan 16, 2014 at 10:31 PM, Miten Mehta <indiami...@gmail.com> wrote:

> Hi,
>
> I am understanding SSL for tomcat using
> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html.
> 1) I create jks using self signed certificate using keytool.
> 2) I generate CSR from that keystore/certificate.
> 3) I get it signed by CA who gives me root certificate and signed
> certificate.
> 4) I need to delete the existing certificate from keystore and then import
> root and signed one?
>
> The docs do not mention deleting the existing certificate. Then if I
> import it for the same alias, will it not complain?
> Do I need to keep the existing certificate and import the new one under a new alias?
> Will the existing one become redundant?
>
> Regards,
>
> Miten
>
>
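
An added example, not part of the thread or the Tomcat documentation: the keystore steps discussed above, run against a throwaway CA (`keytool -gencert` stands in for the real one), followed by a check of what alias `tomcat` holds afterwards. File names and aliases follow the message; the DNs, the password and the helper names `kt`, `entry_summary` and `demo_flow` are constructed here, and a JDK 7+ `keytool` on PATH is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). DNs and password are constructed.
# Assumes a JDK 7+ keytool on PATH; -gencert plays the CA.
PASS=changeit
export LC_ALL=C   # English keytool output for the awk patterns below

# Run one keytool command quietly with the demo store password.
kt() { c=$1; shift; keytool "$c" -storepass "$PASS" "$@" >/dev/null 2>&1; }

# Print "<entry type> <chain length>" for alias $2 in keystore $1.
entry_summary() {
  keytool -list -v -alias "$2" -keystore "$1" -storepass "$PASS" 2>/dev/null |
    awk -F': ' '/^Entry type:/{t=$2} /^Certificate chain length:/{n=$2}
                END{print t, (n ? n : 0)}'
}

# Build keystore.jks in a temp dir and run the CSR/import flow.
#   $1 = keep   : import the CA reply onto the existing tomcat key entry
#   $1 = delete : delete alias tomcat before the imports
demo_flow() {
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    # Throwaway CA and its exported root certificate.
    kt -genkeypair -alias root -keyalg RSA -keysize 2048 -ext bc:c \
       -dname "CN=Demo Root CA" -keypass "$PASS" -keystore ca.jks || exit 1
    kt -exportcert -alias root -keystore ca.jks -rfc -file root.cer || exit 1
    # Self-signed key pair, CSR, signed reply.
    kt -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
       -dname "CN=localhost" -keypass "$PASS" -keystore keystore.jks || exit 1
    kt -certreq -alias tomcat -keystore keystore.jks -file old.csr || exit 1
    kt -gencert -alias root -keystore ca.jks -infile old.csr \
       -outfile new.cer -rfc || exit 1
    if [ "$1" = delete ]; then
      # -delete removes the whole entry, private key included.
      kt -delete -alias tomcat -keystore keystore.jks || exit 1
    fi
    # Root first, so the reply can be chained to a trusted certificate.
    kt -importcert -noprompt -alias root -file root.cer \
       -keystore keystore.jks || exit 1
    kt -importcert -noprompt -alias tomcat -file new.cer \
       -keystore keystore.jks || exit 1
    entry_summary keystore.jks tomcat
  )
  rc=$?; rm -rf "$d"; return $rc
}
```

`demo_flow keep` prints `PrivateKeyEntry 2`, a key entry whose chain is the signed certificate plus the root; `demo_flow delete` prints `trustedCertEntry 0`, a bare certificate with no private key behind it, which is the result to check for before pointing the connector's alias at the entry.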
