tomcat-users mailing list archives

From Conor Skyler <conorsky...@gmail.com>
Subject Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)
Date Fri, 03 Jun 2016 22:13:43 GMT
Hello Pierre,

Yes, I contacted the technical support at GoDaddy and they basically told
me that I'm on my own and that I should find someone that knows how to
handle the configuration -- that's all the aid they gave me.

I think that there are two separate problems here.
First one, the mismatch between the files I receive zipped and the ones
referred in the website when it reads:

"The file names for your root and intermediate certificates depend on your
signature algorithm.

   - SHA-1 root certificate: gd_class2_root.crt
   - SHA-2 root certificate: gdroot-g2.crt
   - SHA-1 intermediate certificate: gd.intermediate.crt
   - SHA-2 intermediate certificate: gdig2.crt
   - (*Java 6/7 only*) SHA-2 Root Certificate: gdroot-g2_cross.crt"

But the files I get when I unzip the downloaded archive are:

my_certificate.crt
gd_bundle-g2-g1.crt
gdig2.crt

So first thing here is that I don't know how to use them when following the
instructions stated on the site (the only one I can identify is
my_certificate.crt).

With the second issue my guess is that it might be related to the KeyStore
file not holding the private key:
I wasn't given the original tomcat.keystore file (following the example on
GoDaddy's website) so here I'm starting from scratch, generating a new
KeyStore.
What I have though is a PEM file from the person I presume the .csr request
file; is there a way to add it to the KeyStore file I create when following
the instructions on GoDaddy's site?

Thank you very much for stepping in!
-Conor



On Fri, Jun 3, 2016 at 6:09 PM, Hardibo Pierre-Jean <contact@hardibopj.com>
wrote:

> It's all here, no?
>
> https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
>
> On 03/06/2016 22:37, Conor Skyler wrote:
>
>> Hi again,
>>
>> At this point I don't know what else to try: I carefully went through the
>> process stated at GoDaddy's website once again trying different
>> combinations with the certificates (as the instructions provided by
>> GoDaddy don't match the certificates you download) but the result was the
>> same as before, it didn't work.
>>
>> Early today I found this post in StackOverflow:
>>
>> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
>> which somehow brought some hope to me as the title states literally the
>> issue I'm having: '
>>
>> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
>> '
>>
>> Sadly after trying everything that's shown there and reading tons of stuff
>> I still can't make the KeyStore work with my Tomcat server.
>>
>> Any help will be greatly appreciated.
>> -Conor
>>
>>
>>
>> On Wed, Jun 1, 2016 at 6:12 PM, Conor Skyler <conorskyler@gmail.com>
>> wrote:
>>
>>> Hi Daniel,
>>>
>>> Thank you very much for stepping in, I’m processing a new set of
>>> certificates that I hope to try tomorrow.
>>>
>>> Warm regards,
>>> -Conor
>>>
>>>
>>> On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa <dmikusa@pivotal.io>
>>> wrote:
>>>
>>>> On Mon, May 30, 2016 at 11:26 PM, Conor Skyler <conorskyler@gmail.com>
>>>> wrote:
>>>>
>>>>> Hello list,
>>>>>
>>>>> I'm trying to install the certificates I bought from GoDaddy into my
>>>>> Tomcat server, however so far I've been unsuccessful to achieve this.
>>>>>
>>>>> My system specs are:
>>>>> OS: Amazon Linux (fully updated)
>>>>> Tomcat version: 8.0.32, installed from the repos
>>>>> Java version: $ java -version
>>>>> openjdk version "1.8.0_91"
>>>>> OpenJDK Runtime Environment (build 1.8.0_91-b14)
>>>>> OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
>>>>>
>>>>> To install the certificates I followed this tutorial from GoDaddy
>>>>> website:
>>>>> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
>>>>> which explains how to create a KeyStore and configure the <Connector>
>>>>> in the server.xml file.
>>>>
>>>> Follow these instructions.
>>>>
>>>>
>>>>> Now, judging from the official Tomcat documentation in
>>>>> https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
>>>>> that I first need to convert the .crt files provided by GoDaddy to
>>>>> PKCS12 format -- I wonder then why the instructions in GoDaddy's
>>>>> website state other thing!
>>>>
>>>> There's more than one way to do this.  If you started out by following
>>>> the GoDaddy instructions to generate your CSR, then continue to follow
>>>> them to import your signed certificate.
>>>>
>>>>
>>>>> But then I read this piece of documentation that left me completely
>>>>> bewildered:
>>>>> To import an existing certificate signed by your own CA into a PKCS12
>>>>> keystore using OpenSSL you would execute a command like:
>>>>>
>>>>> openssl pkcs12 -export -in mycert.crt -inkey mykey.key \
>>>>>                         -out mycert.p12 -name tomcat -CAfile myCA.crt \
>>>>>                         -caname root -chain
>>>>>
>>>>> In this example there's a reference to a 'mykey.key' file that I don't
>>>>> have a clue how to obtain it or from where it comes since when I
>>>>> download the certificates provided by GoDaddy, there's no such .key
>>>>> file: I can download several different types of certificates in .crt
>>>>> format but there isn't any .key file to download.
>>>>
>>>> This has to do with the way that you generated the CSR.  The GoDaddy
>>>> instructions have you using keytool and a keystore.  In this case, your
>>>> private key will exist in the keystore, so you won't have a .key file
>>>> and that's OK.
>>>>
>>>>
>>>>> I tried contacting their support and well, they weren't any helpful at
>>>>> all, they pointed me to the repository where all the certificates are
>>>>> stored and told me to 'find someone that knows how to handle them' --
>>>>> thanks for nothing :(
>>>>>
>>>>> Finally I want to say that I have Tomcat running smooth at port 8080,
>>>>> I even configured an administrator user to access the status page
>>>>> which works perfectly, my problem is that I just can't find how to
>>>>> properly install and configure the SSL.
>>>>
>>>> Follow the GoDaddy instructions.  They should work.  If you get stuck
>>>> on a specific step, let us know.
>>>>
>>>> Dan
>>>>
>>>>
>>>>> What I'm not sure though is what part or steps I'm missing, I believe
>>>>> this has to be much simpler than it's been so far for me but
>>>>> seriously I can't wrap my mind around it.
>>>>>
>>>>> Thank you very much for taking the time to read this n00b's help
>>>>> scream.
>>>>>
>>>>> Best regards,
>>>>> -Conor
>>>>>
>>>>>
>>>
>
>
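
Added example, not part of the original thread: one way to handle the second issue raised at the top of this message, where the private key sits in a separate PEM file instead of a keytool keystore. It checks that the key belongs to the certificate before packing key, certificate and chain into a PKCS12 file; key.pem, the P12_PASS variable and the use of gd_bundle-g2-g1.crt as the chain file are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The .crt names in the usage comments
# are the ones listed in the message; key.pem and P12_PASS are assumed names.

# Return 0 if the private key in $1 belongs to the certificate in $2,
# 1 if it does not, 2 if either file cannot be parsed (for example when
# the PEM holds no private key at all).
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Build a PKCS12 keystore holding key + certificate + CA chain under the
# alias "tomcat". The password is taken from the environment variable
# P12_PASS so that it does not show up in the process list.
# Args: <key.pem> <server certificate> <chain bundle> <output .p12>
build_p12() {
    if ! key_matches_cert "$1" "$2"; then
        echo "no private key in $1, or it does not match $2" >&2
        return 1
    fi
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
        -name tomcat -out "$4" -passout env:P12_PASS
}

# Typical use (constructed paths):
#   export P12_PASS='...'
#   build_p12 key.pem my_certificate.crt gd_bundle-g2-g1.crt tomcat.p12
#   keytool -list -keystore tomcat.p12 -storetype PKCS12
#   (the listing should show a PrivateKeyEntry for alias "tomcat")
```

Tomcat can read the resulting file directly when the <Connector> sets keystoreType="PKCS12".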
