using same keystore with 2 tomcat versions?

I'm new to tomcat/ssl, so forgive the silly questions

I'm coming into an already established environment with a loadbalanced https domain name that I can't change. I am loading tomcat 6.0.18 on an existing tomcat 5.5 server. 5.5 is set up to use SSL and has a keystore file created under a local tomcat user (home directory). I started tomcat 6.0.18 as root for the time being. What I am wondering is can I start tomcat 6.0.18 as the tomcat user will it somehow be able to just pick up and use the keystore file?

If it helps.. both tomcats will be serving applications from the same domain name.
Example:

www.company.com/webapp1 hits a load balancer on port 80, redirects to 443, redirects back to 80 (internal apache communication) and then that proxypasses to tomcat 5.5 on 8443
www.company.com/webapp2 hits the same load balancer on port 80, redirects to 443, redirects back to 80 (internal apache communication) and then proxypasses to tomcat 6.0.18 18080 (since I don't have 8443 working yet)..


I technically don't need https for this tomcat app.. but it's more difficult to change the load balancer/domain naming config around than it should be to get ssl working.

The instructions in server.xml say to just uncomment the ssl connector entry (done), and running...
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and
the keystore itself.

however... I'm afraid of breaking whatever was done for the original ssl setup.

Does anyone have any suggestions for me?

You should be able to share the same keystore file with 2 different Tomcats. A keystore is basically a database. Because it's a security database, it might object to being moved or copied, but I don't think it does. It will however, be sensitive to the domain names of the items stored within it. Or actually, more like the other way around - your certificate must match the domain name it's served from or complaints will arise.

Concurrent use shouldn't be a problem. As I understand it, the keystore itself is only read at Tomcat startup time, so the read/write activity would be very low. And presumably Sun defined the keytool to allow for concurrent access.

Yep. It worked great. I assumed I'd be able to, so I tried it last night and it seemed to work ok. I didn't copy/move the keystore.. just ran tomcat as the same user so it would have access to the keystore.

Thank you very much for the reply!!