Hi Will- Generate private key $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/domainname.kdb
then Generate the CSR $JAVA_HOME/bin/keytool -certreq -alias tomcat -keystore /path/to/keystore.kdb -file filename.csr so if you change $JAVA_HOME say from JDK 1.3 to JDK 1.4 (which has JSSE integrated) then I would re-create the private-key and the csr Makes Sense? M- --------------------------------------------------------------------------- This e-mail message (including attachments, if any) is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, proprietary , confidential and exempt from disclosure. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this communication is strictly prohibited. --------------------------------------------------------------------------- Le présent message électronique (y compris les pièces qui y sont annexées, le cas échéant) s'adresse au destinataire indiqué et peut contenir des renseignements de caractère privé ou confidentiel. Si vous n'êtes pas le destinataire de ce document, nous vous signalons qu'il est strictement interdit de le diffuser, de le distribuer ou de le reproduire. ----- Original Message ----- From: "Will Holmes" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <users@tomcat.apache.org> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, March 20, 2007 8:27 AM Subject: RE: Importing an existing SSL cert into a newer JDK version > Does the JDK version that created the keystore file have a tie on it? If > not all I would need to do is install the new JDK and change my Tomcat > environment variables to point to the new JDK. Am I correct? > > Thanks again!! > Will > > -----Original Message----- > From: Mark Thomas [mailto:[EMAIL PROTECTED] > Sent: Sunday, March 18, 2007 11:19 PM > To: Tomcat Users List > Subject: Re: Importing an existing SSL cert into a newer JDK version > > Will Holmes wrote: >> Mark, >> >> Do you know if I have to regenerate a CSR and do a reissue with our CA > or can I import the existing cert? > > As far as I know, the keystore files are the same format so you can > just re-use the file. There should be no need to go back to our CA. > > Mark > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
