Updating expired certificate on tomcat

swiftinitpvtltd

How to update already installed but now expired certificate on tomcat, we have windows server where aware IM and tomcat are installed. Certificate was installed last year but now its expired.
Do we have to use same steps?

Create CSR (Certificate Signing Request)
Submit this CSR to CA (Certifying Authority) eg. Verisign, Thawte,
GeoTrust etc.
CA will issue 2 certificates i.e. Server Certificate and Intermediate
Certificate
Install these certificates on Tomcat
Modify server.xml

joben

I think so. We have never tried to automate it.
We do almost the same steps.

Major difference is that we handle the CSR via Microsoft IIS web server and use .PFX certificate files that we export to the Aware IM server.
Since we use the same names and folders for the renewed certificates, we don't need to modify the sever.xml file when we renew. Only have to replace the old certificate and restart Aware IM.

Not sure about step 4. We never had to install anything. It is just a file.

See this thread for .pfx configuration if interested: https, http2 and pfx certificates, Tomcat configuration>

swiftinitpvtltd

thanks. We did it previously differently.

Now on second command I get
: Certificate reply does not contain public key for <tomcat>

I did these steps again-
. Create CSR (Certificate Signing Request)

Submit this CSR to CA (Certifying Authority) eg. Verisign, Thawte,
GeoTrust etc.
CA will issue 2 certificates i.e. Server Certificate and Intermediate
Certificate
Install these certificates on Tomcat
Modify server.xml

Now on second command I get
: Certificate reply does not contain public key for <tomcat>

keytool -import -alias intermediate1 -keystore tomcat.keystore -trustcacerts -file "C:\AwareIM\JDK\bin\36963ec0e417b03d.crt"

keystore pwd- ...

keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file "C:\AwareIM\JDK\bin\gd_bundle-g2-g1.crt"

swiftinitpvtltd

Its all good now. I used generate csr and then key in godaddy and import on server steps and it works just perfect-

PointsWell

Use a reverse proxy with certbot, never have to fiddle with certificates again.