tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Creating CSR for Purchasing SSL Certificate from VeriSign
Date Fri, 23 Dec 2011 22:08:52 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Conway,

On 12/23/11 4:13 PM, Conway Liu wrote:
> Also, if we later add another Tomcat site (with a different domain
> name) on the same Windows 2008 R2 server,  do we have to generate
> another CSR to purchase another SSL certificate?

Apache httpd and non-APR Tomcat use different certificate storage
formats: httpd uses a fairly simple PEM file format where you can have
one or more certs concatenated together in a single file (or
separately). When using APR with Tomcat, it uses the same format as httpd.

If you aren't using APR, then the underlying Java environment is
providing crypto services through a KeyStore which is stored in a
completely different format.

The certificates themselves are a standardized format, and you can
export from one format and import to the other format whenever you
want. You just need to figure out the right incantations of "keytool"
and "openssl" to make that happen.

So, have no fear of making a decision now that cannot be undone.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk70+/QACgkQ9CaO5/Lv0PD7TgCgu19hFQSvS4av/IrE3tse6eQP
VbUAn0WxvQzOF+bk9hw2CsFbXhG3UBcK
=f8ln
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message