-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nitin,
On 6/18/19 13:50, Nitin Kadam wrote: > Hello, > > I want to renew current SSL certificate So I am confused. Do I need > to recreate keystore and csr for new certificate. > > If I have to create new keystore, how I can create same on existing > running setup. You do not need to create a new key, but it would be a goods idea to create a new one, just in case your old key has been compromised. It's really not that complicated to create a new key. Keep your old keystore with no changes. Create a new keystore with a new key and new certificate. Get the cert signed by a CA and import the signed cert back into your keystore, along with any of the CA's intermediate certificates that may be necessary. This process has been documented many many times on the web. - -chris > On Thu, Jun 13, 2019, 12:11 PM Ognjen Blagojevic < > ognjen.d.blagoje...@gmail.com> wrote: > >> Nitin, >> >> On 13.6.2019. 07.37, Nitin Kadam wrote: >>> I have apache tomcat server running with publicly signed SSL >>> certificate configured in server.xml, the same certificate is >>> expiring in next week, >> I >>> need steps to the to renew of same. *Server OS: Windows 2012 >>> R2* *Apache Tomcat/8.5.38* >>> >>> 1. How to generate new CSR with new key alias 2. How to import >>> the new. cert & intermediate certificate chain in .jks format >>> 3. what about keystore & current key alias >>> >>> >>> kindly guide me, as I will be performing same first time. >> >> You can find instructions here: >> >> >> http://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Installing_a_C ertificate_from_a_Certificate_Authority >> >> >> Regards, >> Ognjen >> > -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl0JelUACgkQHPApP6U8 pFhG9Q//YUAnPWCgn5LrQrY3KUgj0QIp72vH61MB2zdSs85rfIBLwEXOfALtomHf p24uRxNvn8hqx8BPRrxwM0Zf2Q0YHd9pBdTww1bb9xTwILqzBQTuzrac8DNnHUDW HXdOyej3tKiPD0e5Wp9AE9aFoE/56/uqxDTej5bGbE7/Prbwf7ynlNsetHMzBA/u BOzE7TpJjxDdmqOIm87JGZtrfDGIIV7xzAdZySg6QtkeD7ieSOrIkrBrToUU2MJG 53n79iEJn+yKWCjtfTBG2mWOT9zwCevNo2VjMk6ql2BbVtlCJ6j8RQeEqpnzEtHB BEECiSAnfRE8wuJ6Ajq/dL3mYcCZrlRyA6XMDA/7GPoiNrlW/cYJ1uxpFbxMiJnm yX3elf16CgBPRm7yg/TbGqihDIpUtRSWAIhTsa56EzvYV1msqCWt8iWkbOBeeyEd UyLaP95N0EDptXIgrgOV1dodyDfKDvjgG9KXfiCEI9Owg9Ka73zffGWuB1Af5P/d +k90Oak8hrDhNjD1E3oqm3wmHi+4rPAH66thxk5M3SV7yRmh+9mbO7XgvPw77EA6 0iWD/JvXOgUw2p/i0Mp4vWMlKE6wLTh4ER/5PKHXK1ZVoD2NfISjky0cpsxmHs/w 7VxnLDDqFyIqaXvDwHaqs0jzL2BWn/V/7ucavFYf7RDeoyg0kh4= =Du+S -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
