tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Antonio Fiol BonnĂ­n <>
Subject Re: Rollover Web Certificate
Date Wed, 25 Feb 2004 07:00:03 GMT wrote:

>Wondering if anybody has experienced a web cert expiring in their keystore. If
>so, I was wondering how you go about replacing it without bringing down the
>server. Can you simply create a new certificate (in a different keystore, I'd
>imagine) then get it signed via the CSR, then import the new one into the
>original keystore, overwriting the current about-to-expire certificate? I don't
>think this would work though because the private keys would be different in the
>two keystores. So you'd have to do this whole process in a new keystore and then
>bounce Tomcat and have it point to the new keystore.

When you renew a certificate, you are supposed to use the same private 
key you used the first time.
  -- Google: SSL Certificates HOWTO.

Other than that, is it so bad to restart a server? I'd bet the keystore 
is only read at the connector init, and not re-read later. But I have 
not seen the code, so maybe someone will correct this.

Antonio Fiol

View raw message