Updating expired certificate on tomcat

If you have questions or if you want to share your opinion about Aware IM post your message on this forum
Post Reply
swiftinitpvtltd
Posts: 370
Joined: Sat Apr 28, 2018 3:33 am
Location: India
Contact:

Updating expired certificate on tomcat

Post by swiftinitpvtltd »

How to update already installed but now expired certificate on tomcat, we have windows server where aware IM and tomcat are installed. Certificate was installed last year but now its expired.
Do we have to use same steps?
1. Create CSR (Certificate Signing Request)
2. Submit this CSR to CA (Certifying Authority) eg. Verisign, Thawte,
GeoTrust etc.
3. CA will issue 2 certificates i.e. Server Certificate and Intermediate
Certificate
4. Install these certificates on Tomcat
5. Modify server.xml
joben
Posts: 221
Joined: Wed Nov 06, 2019 9:49 pm
Location: Sweden
Contact:

Re: Updating expired certificate on tomcat

Post by joben »

I think so. We have never tried to automate it.
We do almost the same steps.

Major difference is that we handle the CSR via Microsoft IIS web server and use .PFX certificate files that we export to the Aware IM server.
Since we use the same names and folders for the renewed certificates, we don't need to modify the sever.xml file when we renew. Only have to replace the old certificate and restart Aware IM.

Not sure about step 4. We never had to install anything. It is just a file.

See this thread for .pfx configuration if interested: https://www.awareim.com/forum/viewtopic.php?f=4&t=12399
Regards, Joakim

Image
swiftinitpvtltd
Posts: 370
Joined: Sat Apr 28, 2018 3:33 am
Location: India
Contact:

Re: Updating expired certificate on tomcat

Post by swiftinitpvtltd »

thanks. We did it previously differently.

Now on second command I get
: Certificate reply does not contain public key for <tomcat>

I did these steps again-
. Create CSR (Certificate Signing Request)
2. Submit this CSR to CA (Certifying Authority) eg. Verisign, Thawte,
GeoTrust etc.
3. CA will issue 2 certificates i.e. Server Certificate and Intermediate
Certificate
4. Install these certificates on Tomcat
5. Modify server.xml

Now on second command I get
: Certificate reply does not contain public key for <tomcat>

keytool -import -alias intermediate1 -keystore tomcat.keystore -trustcacerts -file "C:\AwareIM\JDK\bin\36963ec0e417b03d.crt"

keystore pwd- ...

keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file "C:\AwareIM\JDK\bin\gd_bundle-g2-g1.crt"
swiftinitpvtltd
Posts: 370
Joined: Sat Apr 28, 2018 3:33 am
Location: India
Contact:

Re: Updating expired certificate on tomcat

Post by swiftinitpvtltd »

Its all good now. I used generate csr and then key in godaddy and import on server steps and it works just perfect-
PointsWell
Posts: 1457
Joined: Tue Jan 24, 2017 5:51 am
Location: 'Stralya

Re: Updating expired certificate on tomcat

Post by PointsWell »

Use a reverse proxy with certbot, never have to fiddle with certificates again.
Post Reply