-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Conway,
On 12/23/11 4:13 PM, Conway Liu wrote: > Also, if we later add another Tomcat site (with a different domain > name) on the same Windows 2008 R2 server, do we have to generate > another CSR to purchase another SSL certificate? Apache httpd and non-APR Tomcat use different certificate storage formats: httpd uses a fairly simple PEM file format where you can have one or more certs concatenated together in a single file (or separately). When using APR with Tomcat, it uses the same format as httpd. If you aren't using APR, then the underlying Java environment is providing crypto services through a KeyStore which is stored in a completely different format. The certificates themselves are a standardized format, and you can export from one format and import to the other format whenever you want. You just need to figure out the right incantations of "keytool" and "openssl" to make that happen. So, have no fear of making a decision now that cannot be undone. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk70+/QACgkQ9CaO5/Lv0PD7TgCgu19hFQSvS4av/IrE3tse6eQP VbUAn0WxvQzOF+bk9hw2CsFbXhG3UBcK =f8ln -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org