using same keystore with 2 tomcat versions?

 
Greenhorn
Posts: 25
I'm new to tomcat/ssl, so forgive the silly questions.

I'm coming into an already established environment with a load-balanced https domain name that I can't change. I am loading tomcat 6.0.18 on an existing tomcat 5.5 server. 5.5 is set up to use SSL and has a keystore file created under a local tomcat user (home directory). I started tomcat 6.0.18 as root for the time being. What I am wondering is, can I start tomcat 6.0.18 as the tomcat user, and will it somehow be able to just pick up and use the keystore file?

If it helps.. both tomcats will be serving applications from the same domain name.
Example:

www.company.com/webapp1 hits a load balancer on port 80, redirects to 443, redirects back to 80 (internal apache communication) and then that proxypasses to tomcat 5.5 on 8443
www.company.com/webapp2 hits the same load balancer on port 80, redirects to 443, redirects back to 80 (internal apache communication) and then proxypasses to tomcat 6.0.18 18080 (since I don't have 8443 working yet)..


I technically don't need https for this tomcat app.. but it's more difficult to change the load balancer/domain naming config around than it should be to get ssl working.

The instructions in server.xml say to just uncomment the ssl connector entry (done), and running...
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and
the keystore itself.

however... I'm afraid of breaking whatever was done for the original ssl setup.

Does anyone have any suggestions for me?
 
Saloon Keeper
Posts: 25467
You should be able to share the same keystore file with 2 different Tomcats. A keystore is basically a database. Because it's a security database, it might object to being moved or copied, but I don't think it does. It will, however, be sensitive to the domain names of the items stored within it. Or actually, more like the other way around - your certificate must match the domain name it's served from or complaints will arise.

Concurrent use shouldn't be a problem. As I understand it, the keystore itself is only read at Tomcat startup time, so the read/write activity would be very low. And presumably Sun defined the keytool to allow for concurrent access.
 
Derek Murphy
Greenhorn
Posts: 25
Yep. It worked great. I assumed I'd be able to, so I tried it last night and it seemed to work ok. I didn't copy/move the keystore.. just ran tomcat as the same user so it would have access to the keystore.

Thank you very much for the reply!!
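
An added example, not part of any post in this thread: a read-only pre-flight check to run as the account that will start the second Tomcat, confirming the shared keystore is readable by that account and not exposed to group or other users. The function name `keystore_preflight` and the `$HOME/.keystore` path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: read-only pre-flight check for a keystore that a second
# Tomcat instance will share. Nothing here writes to the keystore.

# keystore_preflight PATH
# Returns 0 if PATH is fine to share, 1 if it is missing or unreadable,
# 2 if its permissions extend beyond the owning account.
keystore_preflight() {
    ks=$1
    if [ ! -f "$ks" ]; then
        echo "FAIL: $ks does not exist or is not a regular file" >&2
        return 1
    fi
    if [ ! -r "$ks" ]; then
        echo "FAIL: $ks is not readable by $(id -un)" >&2
        return 1
    fi
    # Characters 5-10 of the ls -l mode string are the group and other bits.
    go_bits=$(ls -ld -- "$ks" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "WARN: $ks is accessible beyond its owner (group/other: $go_bits)" >&2
        return 2
    fi
    echo "OK: $ks is readable by $(id -un) with owner-only permissions"
    return 0
}

# Usage (assumed path; run as the account that starts the second Tomcat):
#   keystore_preflight "$HOME/.keystore" && keytool -list -keystore "$HOME/.keystore"
# keytool -list only reads the keystore, so the existing SSL setup is untouched.
```
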
 