tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Creating CSR for Purchasing SSL Certificate from VeriSign
Date Fri, 23 Dec 2011 22:08:52 GMT
Hash: SHA1


On 12/23/11 4:13 PM, Conway Liu wrote:
> Also, if we later add another Tomcat site (with a different domain
> name) on the same Windows 2008 R2 server,  do we have to generate
> another CSR to purchase another SSL certificate?

Apache httpd and non-APR Tomcat use different certificate storage
formats: httpd uses a fairly simple PEM file format where you can have
one or more certs concatenated together in a single file (or
separately). When using APR with Tomcat, it uses the same format as httpd.

If you aren't using APR, then the underlying Java environment is
providing crypto services through a KeyStore which is stored in a
completely different format.

The certificates themselves are a standardized format, and you can
export from one format and import to the other format whenever you
want. You just need to figure out the right incantations of "keytool"
and "openssl" to make that happen.

So, have no fear of making a decision now that cannot be undone.

- -chris
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools -
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message