Re: SSL on Tomcat 9

2024-10-09 Thread Ron Boyer
I created the certificate from a Windows CSR.  I did find OpenSSL on our server and 
from there we were able to create the right type of .pem file for Tomcat to 
use.  Thanks for everyone's help.



Ron Boyer

IT Director

Information Technology

Summit County, Utah

Office: 435-336-3143




From: Mark Thomas 
Sent: Wednesday, October 9, 2024 10:48 AM
To: users@tomcat.apache.org 
Subject: Re: SSL on Tomcat 9


On 09/10/2024 07:47, Ron Boyer wrote:
> Hello, I am trying to renew the SSL certificate from a signing authority.  I 
> am running Tomcat 9.  I understand that I have to import a PKCS #12 
> certificate.  I seem to be able to make one, but I don't think it is correct.
> My signing authority, GoDaddy, will let me download a crt and pem file. From 
> the server.xml file I see there is only one entry that points to the keystore 
> of a PKCS #12 key.  I don't know whether I need to import the certificate 
> with keytool or using the certificate snap-in with Windows Management 
> Console.  Any advice?

How did you create the private key (show us the command line if you can)
and what format is the key in?

If you followed an on-line guide (e.g. from GoDaddy) can you provide a
reference to that?

Why do you think what you are doing is incorrect?

What is your TLS connector configuration (show us the XML but mask any
sensitive information like passwords)?

What do the logs show for that Connector when Tomcat starts?

Mark





Re: SSL on Tomcat 9

2024-10-09 Thread Ron Boyer

Hello Ahmed, I have always used keytool on the web host.  Can I run OpenSSL on 
another client and send the key to the webhost or does OpenSSL have to run on 
the webhost?



From: Ahmed Ashour 
Sent: Wednesday, October 9, 2024 8:01 AM
To: users@tomcat.apache.org 
Subject: Re: SSL on Tomcat 9


Hi,
On Windows, one can use OpenSSL to export the private key and certificate to 
.p12, then import that to the key store.

openssl pkcs12 -export -in fullchain.pem -inkey privatekey.pem -out server.p12 -name tomcat

keytool -importkeystore -deststorepass changeit -destkeystore localhost-rsa.jks -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias tomcat

Similar posts in 
https://ppm.softtek.com/itg/pdf/manual/Content/SA/InstallAdmin/import_existing_SSL.htm
and How to import an existing SSL certificate for use in Tomcat | Atlassian 
Support | Atlassian Documentation





Hope that helps,
Ahmed

On Wednesday, October 9, 2024 at 03:47:49 PM GMT+2, Ron Boyer wrote:


Hello, I am trying to renew the SSL certificate from a signing authority.  I 
am running Tomcat 9.  I understand that I have to import a PKCS #12 certificate.  
I seem to be able to make one, but I don't think it is correct.  My signing 
authority, GoDaddy, will let me download a crt and pem file. From the 
server.xml file I see there is only one entry that points to the keystore of a 
PKCS #12 key.  I don't know whether I need to import the certificate with 
keytool or using the certificate snap-in with Windows Management Console.  Any 
advice?



SSL on Tomcat 9

2024-10-09 Thread Ron Boyer
Hello, I am trying to renew the SSL certificate from a signing authority.  I am 
running Tomcat 9.  I understand that I have to import a PKCS #12 certificate.  I 
seem to be able to make one, but I don't think it is correct.  My signing 
authority, GoDaddy, will let me download a crt and pem file. From the 
server.xml file I see there is only one entry that points to the keystore of a 
PKCS #12 key.  I don't know whether I need to import the certificate with 
keytool or using the certificate snap-in with Windows Management Console.  Any 
advice?
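
The PKCS #12 export discussed in this thread, as an added example that is not part of any message: it checks that the private key and the certificate carry the same public key before running the `openssl pkcs12 -export` step, then reads the bundle back. The function names are hypothetical, `changeit` and the `tomcat` alias are the values quoted in the thread, and the key/certificate pair is a constructed self-signed one standing in for a CA-issued certificate.

```shell
#!/bin/sh
# Added example. Password and alias are the ones quoted in the thread; the
# sample key/certificate pair is constructed (self-signed), not CA-issued.

# Print the public key (PEM) held by a private key file, and by the first
# certificate in a PEM file (the leaf, when the file is a full chain).
key_pub()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# key_matches_cert KEY CERT: true only if both carry the same public key.
key_matches_cert() {
    k=$(key_pub "$1") || return 1
    c=$(cert_pub "$2") || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# build_p12 KEY CERT OUT PASSWORD ALIAS: bundle only a matching pair, then
# read the bundle back and confirm the certificate inside still fits the key.
build_p12() {
    key_matches_cert "$1" "$2" || { echo "key/certificate mismatch" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
        -name "$5" -passout "pass:$4" || return 1
    inner=$(openssl pkcs12 -in "$3" -passin "pass:$4" -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -pubkey 2>/dev/null)
    [ -n "$inner" ] && [ "$inner" = "$(key_pub "$1")" ]
}

# make_sample DIR: constructed test material, two RSA keys and one
# self-signed certificate issued for the first key only.
make_sample() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/key.pem" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/other.pem" 2>/dev/null &&
    openssl req -x509 -new -key "$1/key.pem" -subj "/CN=example.test" -days 1 \
        -out "$1/cert.pem" 2>/dev/null
}

# Demo run on the constructed pair.
d=$(mktemp -d) && make_sample "$d" &&
build_p12 "$d/key.pem" "$d/cert.pem" "$d/server.p12" changeit tomcat &&
echo "server.p12 built and verified"
```

With real files the call would be `build_p12 privatekey.pem fullchain.pem server.p12 changeit tomcat`, and the resulting `server.p12` is what the `keytool -importkeystore` command in the thread takes as `-srckeystore`.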