tomcat-users mailing list archives

From Hardibo Pierre-Jean <cont...@hardibopj.com>
Subject Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)
Date Fri, 03 Jun 2016 22:18:38 GMT
gdig2.crt is the intermediate; my_certificate must be the last to configure, so I think the bundle may
be the root.



On 04/06/2016 00:13, Conor Skyler wrote:
> Hello Pierre,
>
> Yes, I contacted the technical support at GoDaddy and they basically told
> me that I'm on my own and that I should find someone that knows how to
> handle the configuration -- that's all the aid they gave me.
>
> I think that there are two separate problems here.
> First one, the mismatch between the files I receive zipped and the ones
> referred in the website when it reads:
>
> "The file names for your root and intermediate certificates depend on your
> signature algorithm.
>
>     - SHA-1 root certificate: gd_class2_root.crt
>     - SHA-2 root certificate: gdroot-g2.crt
>     - SHA-1 intermediate certificate: gd.intermediate.crt
>     - SHA-2 intermediate certificate: gdig2.crt
>     - (*Java 6/7 only*) SHA-2 Root Certificate: gdroot-g2_cross.crt"
>
> But the files I get when I unzip the downloaded archive are:
>
> my_certificate.crt
> gd_bundle-g2-g1.crt
> gdig2.crt
>
> So first thing here is that I don't know how to use them when following the
> instructions stated on the site (the only one I can identify is
> my_certificate.crt).
>
> With the second issue my guess is that it might be related to the KeyStore
> file not holding the private key:
> I wasn't given the original tomcat.keystore file (following the example on
> GoDaddy's website) so here I'm starting from scratch, generating a new
> KeyStore.
> What I have though is a PEM file from the person I presume the .csr request
> file; is there a way to add it to the KeyStore file I create when following
> the instructions on GoDaddy's site?
>
> Thank you very much for stepping in!
> -Conor
>
>
>
> On Fri, Jun 3, 2016 at 6:09 PM, Hardibo Pierre-Jean <contact@hardibopj.com>
> wrote:
>
>> It's all here, no?
>>
>> https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
>>
>> On 03/06/2016 22:37, Conor Skyler wrote:
>>
>>> Hi again,
>>>
>>> At this point I don't know what else to try: I carefully went through the
>>> process stated at GoDaddy's website once again trying different
>>> combinations with the certificates (as the instructions provided by GoDaddy
>>> don't match the certificates you download) but the result was the same
>>> as before, it didn't work.
>>>
>>> Early today I found this post in StackOverflow:
>>>
>>> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
>>> which somehow brought some hope to me as the title states literally the
>>> issue I'm having: '
>>>
>>> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
>>> '
>>>
>>> Sadly after trying everything that's shown there and reading tons of stuff
>>> I still can't make the KeyStore work with my Tomcat server.
>>>
>>> Any help will be greatly appreciated.
>>> -Conor
>>>
>>>
>>>
>>> On Wed, Jun 1, 2016 at 6:12 PM, Conor Skyler <conorskyler@gmail.com>
>>> wrote:
>>>
>>>> Hi Daniel,
>>>> Thank you very much for stepping in, I’m processing a new set of
>>>> certificates that I hope to try tomorrow.
>>>>
>>>> Warm regards,
>>>> -Conor
>>>>
>>>>
>>>> On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa <dmikusa@pivotal.io> wrote:
>>>>
>>>>> On Mon, May 30, 2016 at 11:26 PM, Conor Skyler <conorskyler@gmail.com> wrote:
>>>>>
>>>>>> Hello list,
>>>>>> I'm trying to install the certificates I bought from GoDaddy into my
>>>>>> Tomcat server, however so far I've been unsuccessful to achieve this.
>>>>>>
>>>>>> My system specs are:
>>>>>> OS: Amazon Linux (fully updated)
>>>>>> Tomcat version: 8.0.32, installed from the repos
>>>>>> Java version: $ java -version
>>>>>> openjdk version "1.8.0_91"
>>>>>> OpenJDK Runtime Environment (build 1.8.0_91-b14)
>>>>>> OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
>>>>>>
>>>>>> To install the certificates I followed this tutorial from GoDaddy website:
>>>>>> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
>>>>>> which explains how to create a KeyStore and configure the <Connector> in
>>>>>> the server.xml file.
>>>>>>
>>>>> Follow these instructions.
>>>>>
>>>>>> Now, judging from the official Tomcat documentation in
>>>>>> https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated that I
>>>>>> first need to convert the .crt files provided by GoDaddy to PKCS12 format --
>>>>>> I wonder then why the instructions in GoDaddy's website state other thing!
>>>>>>
>>>>> There's more than one way to do this.  If you started out by following the
>>>>> GoDaddy instructions to generate your CSR, then continue to follow them to
>>>>> import your signed certificate.
>>>>>
>>>>>
>>>>>> But then I read this piece of documentation that left me completely
>>>>>> bewildered:
>>>>>> To import an existing certificate signed by your own CA into a PKCS12
>>>>>> keystore using OpenSSL you would execute a command like:
>>>>>>
>>>>>> openssl pkcs12 -export -in mycert.crt -inkey mykey.key
>>>>>>                          -out mycert.p12 -name tomcat -CAfile myCA.crt
>>>>>>                          -caname root -chain
>>>>>>
>>>>>> In this example there's a reference to a 'mykey.key' file that I don't
>>>>>> have a clue how to obtain it or from where it comes since when I
>>>>>> download the certificates provided by GoDaddy, there's no such .key
>>>>>> file: I can download several different types of certificates in .crt
>>>>>> format but there isn't any .key file to download.
>>>>>>
>>>>> This has to do with the way that you generated the CSR.  The GoDaddy
>>>>> instructions have you using keytool and a keystore.  In this case, your
>>>>> private key will exist in the keystore, so you won't have a .key file and
>>>>> that's OK.
>>>>>
>>>>>
>>>>>> I tried contacting their support and well, they weren't any helpful at
>>>>>> all, they pointed me to the repository where all the certificates are
>>>>>> stored and told me to 'find someone that knows how to handle them' --
>>>>>> thanks for nothing :(
>>>>>>
>>>>>> Finally I want to say that I have Tomcat running smooth at port 8080,
>>>>>> I even configured an administrator user to access the status page
>>>>>> which works perfectly, my problem is that I just can't find how to
>>>>>> properly install and configure the SSL.
>>>>>>
>>>>> Follow the GoDaddy instructions.  They should work.  If you get stuck on a
>>>>> specific step, let us know.
>>>>>
>>>>> Dan
>>>>>
>>>>>
>>>>>> What I'm not sure though is what part or steps I'm missing, I believe
>>>>>> this has to be much simpler than it's been so far for me but
>>>>>> seriously I can't wrap my mind around it.
>>>>>>
>>>>>> Thank you very much for taking the time to read this n00b's help
>>>>>> scream.
>>>>>>
>>>>>> Best regards,
>>>>>> -Conor
>>>>>>
>>>>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
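
The two open questions in this thread (which downloaded file is the root, the intermediate or the server certificate, and whether a private key on hand belongs to the issued certificate) can be checked with the openssl command line. The script below is an added example, not part of any message in the thread; the function names, file names and the throwaway chain it builds are constructed for illustration, and it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example: constructed names and data, not GoDaddy's real files.

# Print the role of the first certificate in a PEM file.
cert_role() {
    s=$(openssl x509 -in "$1" -noout -subject_hash)
    i=$(openssl x509 -in "$1" -noout -issuer_hash)
    if [ "$s" = "$i" ]; then
        echo root            # subject == issuer: self-issued
    elif openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then
        echo intermediate    # a CA certificate issued by another CA
    else
        echo leaf            # the server certificate itself
    fi
}

# Succeed only if the private key and the certificate hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Build a throwaway root -> intermediate -> leaf chain in directory $1.
make_demo_chain() {
    d=$1
    printf '[req]\ndistinguished_name=req\n[ca]\nbasicConstraints=critical,CA:TRUE\n' >"$d/cfg"
    openssl req -x509 -config "$d/cfg" -extensions ca -newkey rsa:2048 -nodes \
        -subj "/CN=Demo Root" -keyout "$d/root.key" -out "$d/root.crt" -days 1 2>/dev/null
    openssl req -new -config "$d/cfg" -newkey rsa:2048 -nodes \
        -subj "/CN=Demo Intermediate" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/cfg" -extensions ca -out "$d/int.crt" -days 1 2>/dev/null
    openssl req -new -config "$d/cfg" -newkey rsa:2048 -nodes \
        -subj "/CN=www.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
        -CAcreateserial -out "$d/leaf.crt" -days 1 2>/dev/null
}

tmp=$(mktemp -d) && make_demo_chain "$tmp"
for f in root int leaf; do
    echo "$f.crt: $(cert_role "$tmp/$f.crt")"
done
key_matches_cert "$tmp/leaf.key" "$tmp/leaf.crt" && echo "leaf.key matches leaf.crt"
key_matches_cert "$tmp/int.key" "$tmp/leaf.crt" || echo "int.key does not match leaf.crt"
rm -rf "$tmp"
```

`cert_role` reads only the first certificate in a file, so a bundle holding several certificates needs to be split before each one is classified. `key_matches_cert` expects a PEM private key; a key that lives only inside a Java keystore has to be checked there instead.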

