tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Dale <jcdw...@gmail.com>
Subject Re: Wildcard certificates
Date Wed, 17 Apr 2019 19:54:06 GMT
I manage dozens of contexts/domains using loosely coupled code.

Chris - of course it's amazing.  I would also call it super and profound. :)

I am in the middle of some TI at our office today .. can't really stop
to do this.

I have the code used to identify and validate the certbot requests and
a few scripts that use the certbot to do the work.

Come to think of it,  my certs will need renewal soon.  I'll take a
pass over what I have and send it out after I renew .. thank you for
your patience.

John


On 4/17/19, Christopher Schultz <chris@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> To whom it may concern,
>
> On 4/17/19 10:22, TurboChargedDad . wrote:
>> I would have the opposite feeling.  I would not want a java process
>>  parked out in the internet.  Not saying you're wrong just my
>> personal feeling.
> It would be interesting to compare the number of remotely-exploitable
> vulnerabilities there have been in e.g. httpd versus e.g. Tomcat in a
> given period of time. My guess is that the Java-based servers have had
> a better track record. The difference is that typically if you own a
> web server, you just own the web server. But if you own an application
> server, you typically get access to lots of great stuff like the
> application's database.
>
>> Maybe things have shifted in a different direction over the year.
> Any particular year?
>
>> I do agree that something like that would be helpful to other
>> tomcat admins.  Would you consider putting it into github ?
> certbot does almost everything you need. There is also this:
> https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encrypt
> %20Apache%20Tomcat.pdf
>
> So unless John has done something truly amazing, maybe adding more
> tools to what MUST be a secure toolchain isn't a great move.
>
> - -chris
>
>> On Wed, Apr 17, 2019 at 9:18 AM John Dale <jcdwrrc@gmail.com>
>> wrote:
>>
>>> I have a really nice process that works great with certbot.
>>> Single command to renew all of my certs and I'm finished.
>>>
>>> I get some piece of mind having a Java process guarding the
>>> front door.  Seems to be more impervious to overflows.  What am I
>>> missing?
>>>
>>> I think what I have might be easily developed into something to
>>> help other Tomcat users.
>>>
>>> On 4/17/19, TurboChargedDad . <linuxhpceng@gmail.com> wrote:
>>>> We terminated SSL above the tomcat layer using NGINX or Apache
>>>> to avoid the complexities that come with managing a JKS.  I
>>>> want to hear all I can on this subject.
>>>>
>>>
>>> ---------------------------------------------------------------------
>>>
>>>
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly3WFMACgkQHPApP6U8
> pFjFUA//Q5HiqvarK/NO/o2tjtVUVs75RJaTEao7T1eUCwMIf/F9nkpZpNG8TxK7
> slT0zu3GMaB5+Z5PK753M3+vZ9nytbat4ODbUNpUMrqeT1/U0eaF1LdbY0jeUmKH
> hmzQFTtLEtJ9mMYn+KJ3sA8D3sIECWwFuKD+BdYmOkzAZn37HlzyI+1CMr4mEA6C
> LnhlD/hEeG4HiO5FtE4BxRKZ0vcLhBp10/m27E6j6KDiiwT7+tlNfwD53S5P94vv
> f/FbwSP8GJfkFu13ot+ce1IVerMNpMpc6nay1efJmYtT4oHyNP0YUVMZyN8YyCTO
> 5yiLYOj8yXLxLatdKBWJ+1fsqd5DXuOEv0KmaIaqi3pLHg5oJQp5CtsLKTSFVTmV
> FBoWew1JFhh5DBI27uJntGzlwIGjKAq7Cq0qitL2gVCiDr6HFaI/gkvVriDjoZL/
> L3E5JDSpYL/iSzBeBd5qKbGVz7+/bdsHoxdHGRFrvcNYyPZIT871bVoNjvyaSFsM
> KZGYcgZgruzN6hT3+jmJpHHoINb+XQeViM140HvYJP1zrcyCZ9ejqpw1BSB+WbT0
> OutjYugoJwORD2SWFTXAc5g6flP5I6JYogexzlj0UPx6v0969I6OBPkLRyMzyKnr
> RTSLV2mYJifNFjLvJ98blhhRmZG3BgAJR4ussur1NTZzs6I03Bc=
> =4l6s
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message