Page History
...
Tip | ||||
---|---|---|---|---|
| ||||
In case you're replacing an expiring TLS certificate where the matching private key is still considered to be secure and of sufficient strength (in 2023 for RSA keys that means a key size of at least 2048 bits) you'll want to keep using the existing private key (and PKCS#12 keystore passphrase) and generate any CSRs from that key.
When asked to "Enter Import Password" supply the existing Then generate a CSR from the extracted private key, either by supplying the necessary data (at least the subject) on the command line or by entering any data interactively when being prompted for it (when not adding
When asked to "Enter pass phrase for webserver.key" again provide the passphrase from the previous steps. The content of webserver.csr is what you provide to your CA then, e.g. via |
...
Remove or comment out all other Connectors in /etc/tomcat10/server.xml
, then add the two Connectors as per below, replacing keystorePass
certificateKeystorePassword
with the password generated earlier:
...