Will requesting a new CSR invalidate current certificate?

[350Zed]

Hi,

I'm in the process of changing our SSL certificate on a Tomcat webserver. I'm happy with what needs to be done as I put the current one on there, but I'm unsure of what will happen when I generate the new CSR request. Will the current certificate still work?

The current certificate is a short term free trial one, and having got everything working we're buying a permanent one. The value for Common Name, (ie the domain name) will be the same, but the value for Organisation is changing. Obviously there is going to be time lag between sending the CSR and the certificate being returned and I need the site working during this time.

I've been googling this issue and I can find comments on how to issue a new CSR in IIS without invalidating the existing one, but no mention of anything with Tomcat. So either it's not a problem or it's impossible. I'd prefer not to bring our site down in the process of finding out!

Thanks

 

[prosper]

Developer may self sign a cerficate for development purpose.

http://blogs.dfwikilabs.org/pigui/tag/tomcat/

Are you sure your company use Tomcat only?(without apache server?)

 

[350Zed]

We're running apache tomcat 5.5.15 and using the Java keytool for handling the keystore.

This is for a production server so a self signed certificate isn't an option. I've got the trial certificate from the CA running on there fine at the moment.

I need to change one of the fields in the CSR before sending to the CA to purchase the new certificate. So I cant reuse the CSR from the trial certificate. (I'm not sure I can resubmit anyway if nothing was changing.)

My concern is that in creating the new CSR it will cause the current certificate to stop working. If this is the case and the site will be down, I need to wait until the CA has completed all the other verification steps so that the time between generating the CSR and getting the new certificate back is as short as possible.