tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Conor Skyler <conorsky...@gmail.com>
Subject Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)
Date Wed, 01 Jun 2016 21:12:46 GMT
Hi Daniel,

Thank you very much for stepping in, I’m processing a new set of
certificates that I hope to try tomorrow.

Warm regards,
-Conor


On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa <dmikusa@pivotal.io> wrote:

> On Mon, May 30, 2016 at 11:26 PM, Conor Skyler <conorskyler@gmail.com>
> wrote:
>
> > Hello list,
> >
> > I'm trying to install the certificates I bought from GoDaddy into my
> Tomcat
> > server, however so far I've been unsuccessful to achieve this.
> >
> > My system specs are:
> > OS: Amazon Linux (fully updated)
> > Tomcat version: 8.0.32, installed from the repos
> > Java version: $ java -version
> > openjdk version "1.8.0_91"
> > OpenJDK Runtime Environment (build 1.8.0_91-b14)
> > OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
> >
> > To install the certificates I followed this tutorial from GoDaddy
> website:
> >
> >
> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
> > which explains how to create a KeyStore and configure the <Connector> in
> > the server.xml file.
> >
>
> Follow these instructions.
>
>
> >
> > Now, judging from the official Tomcat documentation in
> > https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
> that I
> > first need to conver the .crt files provided by GoDaddy to PKCS12 format
> --
> > I wonder then why the instructions in GoDaddy's website state other
> thing!
> >
>
> There's more than one way to do this.  If you started out by following the
> GoDaddy instructions to generate your CSR, then continue to follow them to
> import your signed certificate.
>
>
> >
> > But then I read this piece of documentation that left me completely
> > bewildered:
> > To import an existing certificate signed by your own CA into a PKCS12
> > keystore using OpenSSL you would execute a command like:
> >
> > openssl pkcs12 -export -in mycert.crt -inkey mykey.key
> >                        -out mycert.p12 -name tomcat -CAfile myCA.crt
> >                        -caname root -chain
> >
> > In this example there's a reference to a 'mykey.key' file that I don't
> > have a clue how to obtain it or from where it comes since when I
> > download the certificates provided by GoDaddy, there's no such .key
> > file: I can download several different types of certificates in .crt
> > format but there isn't any .key file to download.
> >
>
> This has to do with the way that you generated the CSR.  The GoDaddy
> instructions have you using keytool and a keystore.  In this case, your
> private key will exist in the keystore, so you won't have a .key file and
> that's OK.
>
>
> >
> > I tried contacting their support and well, they weren't any helpful at
> > all, they pointed me to the repository where all the certificates are
> > stored and told me to 'find someone that knows how to handle them' --
> > thanks for nothing :(
> >
> > Finally I want to say that I have Tomcat running smooth at port 8080,
> > I even configured an administrator user to access the status page
> > which works perfectly, my problem is that I just can't find how to
> > properly install and configure the SSL.
> >
>
> Follow the GoDaddy instructions.  They should work.  If you get stuck on a
> specific step, let us know.
>
> Dan
>
>
> >
> > What I'm not sure though is what part or steps I'm missing, I believe
> > this has to be much more simpler that it's been so far for me but
> > seriously I can't wrap my mind around it.
> >
> > Thank you very much for taking the time to read this n00b's help scream.
> >
> > Best regards,
> > -Conor
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message