Updating expired certificate on tomcat
How do we update an already installed but now expired certificate on Tomcat? We have a Windows server where Aware IM and Tomcat are installed. The certificate was installed last year but now it's expired.
Do we have to use the same steps?
1. Create CSR (Certificate Signing Request)
2. Submit this CSR to CA (Certifying Authority) e.g. Verisign, Thawte, GeoTrust etc.
3. CA will issue 2 certificates i.e. Server Certificate and Intermediate Certificate
4. Install these certificates on Tomcat
5. Modify server.xml
Re: Updating expired certificate on tomcat
I think so. We have never tried to automate it.
We do almost the same steps.
Major difference is that we handle the CSR via Microsoft IIS web server and use .PFX certificate files that we export to the Aware IM server.
Since we use the same names and folders for the renewed certificates, we don't need to modify the server.xml file when we renew. Only have to replace the old certificate and restart Aware IM.
Not sure about step 4. We never had to install anything. It is just a file.
See this thread for .pfx configuration if interested: https://www.awareim.com/forum/viewtopic.php?f=4&t=12399
Re: Updating expired certificate on tomcat
Thanks. We did it previously differently.
I did these steps again-
1. Create CSR (Certificate Signing Request)
2. Submit this CSR to CA (Certifying Authority) e.g. Verisign, Thawte, GeoTrust etc.
3. CA will issue 2 certificates i.e. Server Certificate and Intermediate Certificate
4. Install these certificates on Tomcat
5. Modify server.xml
Now on second command I get: Certificate reply does not contain public key for <tomcat>
keytool -import -alias intermediate1 -keystore tomcat.keystore -trustcacerts -file "C:\AwareIM\JDK\bin\36963ec0e417b03d.crt"
keystore pwd- ...
keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file "C:\AwareIM\JDK\bin\gd_bundle-g2-g1.crt"
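The keytool error quoted in the post above means the certificate being imported under the alias does not carry the public key of the key pair stored under that alias. The PowerShell check below is an added example, not part of the original thread: it lists every certificate in each CA file and flags the one that matches the keystore entry. It assumes keytool is on PATH and that it runs from the folder holding tomcat.keystore, and it reuses the file names quoted in the post.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example. Assumptions: keytool is on PATH and this runs from the folder
# that holds tomcat.keystore; file names are the ones quoted in the post.
$keystore = 'tomcat.keystore'
$alias    = 'tomcat'
$replies  = 'C:\AwareIM\JDK\bin\36963ec0e417b03d.crt',
            'C:\AwareIM\JDK\bin\gd_bundle-g2-g1.crt'

function Get-CertsFromFile([string]$Path) {
    # A CA bundle can hold several PEM blocks, so return every certificate.
    $full = (Resolve-Path -LiteralPath $Path).Path
    $text = Get-Content -Raw -LiteralPath $full
    $pem  = [regex]::Matches($text,
        '(?s)-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----')
    if ($pem.Count -eq 0) {
        return [X509Certificate2]::new($full)      # single DER-encoded file
    }
    foreach ($m in $pem) {
        $b64 = $m.Groups[1].Value -replace '\s', ''
        [X509Certificate2]::new([Convert]::FromBase64String($b64))
    }
}

# Export the certificate currently attached to the private key entry; its
# public key is the one the CA reply must contain. keytool asks for the password.
$tmp = Join-Path $env:TEMP 'tomcat-entry.crt'
keytool -exportcert -alias $alias -keystore $keystore -rfc -file $tmp
if ($LASTEXITCODE -ne 0) { throw "keytool could not export alias '$alias'" }
$entryKey = @(Get-CertsFromFile $tmp)[0].GetPublicKeyString()

# List every certificate in every file and flag the one that matches the key.
foreach ($file in $replies) {
    foreach ($cert in @(Get-CertsFromFile $file)) {
        [pscustomobject]@{
            File       = Split-Path $file -Leaf
            Subject    = $cert.Subject
            NotAfter   = $cert.NotAfter
            MatchesKey = $cert.GetPublicKeyString() -eq $entryKey
        }
    }
}
Remove-Item -LiteralPath $tmp
```

Only a certificate whose row shows MatchesKey as True belongs under the tomcat alias; if no row does, the certificate was issued for a CSR generated from a different key pair than the one in this keystore.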
Re: Updating expired certificate on tomcat
It's all good now. I used generate CSR and then key in GoDaddy and import on server steps and it works just perfect.
Re: Updating expired certificate on tomcat
Use a reverse proxy with certbot, never have to fiddle with certificates again.