Ssl – what if I lost the keystore which generate the CSR

ssltomcat

Sorry I am a beginner about ssl cert.

according to

http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Create_a_local_Certificate_Signing_Request_(CSR)

it will gen a keystore and CSR.

we generate the CSR and send to Certificate Authority.

What if I lost the keystore ? should I regen the CSR again to reapply the ssl cert?

Refer to
https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO832
It will generate a new keystore file.

is it the file store the private key? which stated in https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO750
, which say

1. Private Key file loss.

2. Private Key pass phrase loss.

3. Private Key file has been compromised due to the server being hacked.   
...... 
......

Best Answer

Yeah, if you've lost the keystore then you've lost the private key.

The certificate generated from that CSR is now unusable to you, but the certificate authority should happily re-issue a new certificate if you generate a new CSR from a new private key.

Related Solutions

Tomcat – Exporting Private Key

Believe it or not, this functionality is not supported in keytool. The best solution I have found so far is the software and instructions available for download on this Web site.

I usually generate the key using openssl and then use this method to import the key, as that is not supported by keytool either.

To generate a 2048 bit key:

openssl genrsa -out host.domain.com.key 2048

To create a keystore from this key:

KEY=host.domain.com
openssl pkcs8 -topk8 -nocrypt -in $KEY.key -inform PEM -out key.der -outform DER
openssl x509 -in $KEY.crt -inform PEM -out cert.der -outform DER
wget http://www.agentbob.info/agentbob/81/version/default/part/AttachmentData/data/ImportKey.class
java ImportKey key.der cert.der

Ssl – Issue replacing SSL certificate with renewed one on Tomcat 6.0 (using keytool)

Yes, you'll have to include/replace the Intermediate as well, and do so before importing the new certificate. Most SSL vendors are chaining through intermediates these days, which adds steps.

Best Answer

Related Solutions

Tomcat – Exporting Private Key

Ssl – Issue replacing SSL certificate with renewed one on Tomcat 6.0 (using keytool)

Related Topic