Hi , I created the .pem file using keytool keytool -export -alias tomcat -rfc > tomcat.pem and then moved this file to apache directory and ran c_rehash /usr/local/apache/conf/ssl this created a link file cc5d41ae.0 -> tomcat.pem what are the missing steps to create the server.key and server.crt on apache using openssl? thanks --- On Wed, 6/5/09, Prasanna Ram Venkatachalam <vpram86@xxxxxxxxx> wrote: > From: Prasanna Ram Venkatachalam <vpram86@xxxxxxxxx> > Subject: Re: renewing a certificate > To: users@xxxxxxxxxxxxxxxx > Date: Wednesday, 6 May, 2009, 3:15 PM > oh.. i hope server.crt is the > certificate you are using? right? > > > On Wed, May 6, 2009 at 5:44 PM, > Prasanna Ram Venkatachalam <vpram86@xxxxxxxxx> > wrote: > > > Melanie, i think keytool does not create any > certificate. Its just a key/certificate management > utility. > http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html > > What did you use to get server.crt? openssl ,selfssl > or some free sites available?? > > Regards > Prasanna Ram > > > > > On Wed, May 6, 2009 at 12:22 PM, > Melanie Pfefer <melanie_pfefer@xxxxxxxxxxx> > wrote: > > > Hi, > > I have tomcat server running as a backend server and apache > running as front-end, both on the same machine > > > In httpd.conf, I have: > > SSLProxyEngine On > RewriteEngine On > SSLProxyCACertificatePath /usr/local/apache/conf/ssl > RewriteRule ^/(abc.*) https://host:port/$1 [P,L] > > > I am getting an error that the certificate is out of date. > > > What I did before was: > > keytool -export -alias tomcat -rfc > tomcat.pem > c_rehash /usr/local/apache/conf/ssl > > now /usr/local/apache/conf/ssl has > > server.crt > server.key > tomcat.pem > cc5d41ae.0 -> tomcat.pem > > > > I need to know how to renew the certificate. > > Is it sufficient to redo: > > keytool -export -alias tomcat -rfc > tomcat.pem > c_rehash /usr/local/apache/conf/ssl > > how to rollback in case of failures? > > > Thank you > > > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP > Server Project. > See <URL:http://httpd.apache.org/userslist.html> > for more info. > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > > > > -- > Prasanna Ram > > > > > -- > Prasanna Ram > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx