httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Prasanna Ram Venkatachalam <vpra...@gmail.com>
Subject Re: [users@httpd] renewing a certificate
Date Wed, 06 May 2009 12:14:29 GMT
Melanie, i think keytool does not create any certificate. Its just a
key/certificate management utility.
http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html

What did you use to get server.crt? openssl ,selfssl or some free sites
available??
Regards
Prasanna Ram
On Wed, May 6, 2009 at 12:22 PM, Melanie Pfefer
<melanie_pfefer@yahoo.co.uk>wrote:

>
> Hi,
>
> I have tomcat server running as a backend server and apache running as
> front-end, both on the same machine
>
> In httpd.conf, I have:
>
> SSLProxyEngine On
> RewriteEngine On
> SSLProxyCACertificatePath /usr/local/apache/conf/ssl
> RewriteRule ^/(abc.*) https://host:port/$1 [P,L]
>
>
> I am getting an error that the certificate is out of date.
>
> What I did before was:
>
> keytool -export -alias tomcat -rfc > tomcat.pem
> c_rehash  /usr/local/apache/conf/ssl
>
> now /usr/local/apache/conf/ssl has
>
> server.crt
> server.key
> tomcat.pem
> cc5d41ae.0 -> tomcat.pem
>
>
> I need to know how to renew the certificate.
>
> Is it sufficient to redo:
>
> keytool -export -alias tomcat -rfc > tomcat.pem
> c_rehash  /usr/local/apache/conf/ssl
>
> how to rollback in case of failures?
>
> Thank you
>
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


-- 
Prasanna Ram

Mime
View raw message