Page History
...
Tip | ||||
---|---|---|---|---|
| ||||
In case you're replacing an expiring TLS certificate where the matching private key is still considered to be secure and of sufficient strength (in 2023 2024 CE for RSA keys that means a key size of at least 2048 bits) you'll want to keep using the existing private key (and PKCS#12 keystore passphrase) and generate any CSRs from that key.
When asked to "Enter Import Password" supply the existing Then generate a CSR from the extracted private key, either by supplying the necessary data (at least the subject) on the command line or by entering any data interactively when being prompted for it (when not adding
When asked to "Enter pass phrase for webserver.key" again provide the passphrase from the previous steps. The content of webserver.csr is what you provide to your CA then, e.g. via |
...
Start Tomcat, check for listening ports, and access https://webserver-fqdn/foo
which should result in an HTTP Status 404
error (since /foo won't exist) but allows you to confirm a hopefully valid TLS/SSL webserver configuration:
...