httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Melanie Pfefer <melanie_pfe...@yahoo.co.uk>
Subject Re: [users@httpd] renewing a certificate
Date Wed, 06 May 2009 13:40:03 GMT

Hi ,

I created the .pem file using keytool

keytool -export -alias tomcat -rfc > tomcat.pem

and then moved this file to apache directory and ran c_rehash  /usr/local/apache/conf/ssl

this created a link file cc5d41ae.0 -> tomcat.pem

what are the missing steps to create the server.key and server.crt on apache using openssl?

thanks



--- On Wed, 6/5/09, Prasanna Ram Venkatachalam <vpram86@gmail.com> wrote:

> From: Prasanna Ram Venkatachalam <vpram86@gmail.com>
> Subject: Re: [users@httpd] renewing a certificate
> To: users@httpd.apache.org
> Date: Wednesday, 6 May, 2009, 3:15 PM
> oh.. i hope server.crt is the
> certificate you are using? right?
> 
> 
> On Wed, May 6, 2009 at 5:44 PM,
> Prasanna Ram Venkatachalam <vpram86@gmail.com>
> wrote:
> 
> 
> Melanie, i think keytool does not create any
> certificate. Its just a key/certificate management
> utility.
> http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html
>  
> What did you use to get server.crt? openssl ,selfssl
> or some free sites available??
> 
> Regards
> Prasanna Ram
> 
> 
> 
> 
> On Wed, May 6, 2009 at 12:22 PM,
> Melanie Pfefer <melanie_pfefer@yahoo.co.uk>
> wrote:
> 
> 
> Hi,
> 
> I have tomcat server running as a backend server and apache
> running as front-end, both on the same machine
> 
> 
> In httpd.conf, I have:
> 
> SSLProxyEngine On
> RewriteEngine On
> SSLProxyCACertificatePath /usr/local/apache/conf/ssl
> RewriteRule ^/(abc.*) https://host:port/$1 [P,L]
> 
> 
> I am getting an error that the certificate is out of date.
> 
> 
> What I did before was:
> 
> keytool -export -alias tomcat -rfc > tomcat.pem
> c_rehash  /usr/local/apache/conf/ssl
> 
> now /usr/local/apache/conf/ssl has
> 
> server.crt
> server.key
> tomcat.pem
> cc5d41ae.0 -> tomcat.pem
> 
> 
> 
> I need to know how to renew the certificate.
> 
> Is it sufficient to redo:
> 
> keytool -export -alias tomcat -rfc > tomcat.pem
> c_rehash  /usr/local/apache/conf/ssl
> 
> how to rollback in case of failures?
> 
> 
> Thank you
> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html>
> for more info.
> 
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> 
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 
> 
> 
> -- 
> Prasanna Ram
> 
> 
> 
> 
> -- 
> Prasanna Ram
> 
> 


      

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message