Re: Dynamic reloading of SSL certificates

On 30/06/18 16:27, Christopher Schultz wrote: > On 6/29/18 5:06 PM, Mark Thomas wrote: >> Ah! Those are only in 9.0.x. Are you looking at 8.5.x? It looks like a >> back-port is required. > > Yes, sorry, I am indeed looking at 8.5.x. Back-ports would be greatly > appreciated. Done. > As for th

Re: Dynamic reloading of SSL certificates

Mark, On 6/29/18 5:06 PM, Mark Thomas wrote: > On 29/06/18 21:58, Christopher Schultz wrote: >> On 6/27/18 4:59 PM, Mark Thomas wrote: >>> On 27/06/18 17:21, Christopher Schultz wrote: > > > any objection to taking this code and putting it into the Connector under the public method re

Re: Dynamic reloading of SSL certificates

On 29/06/18 21:58, Christopher Schultz wrote: > On 6/27/18 4:59 PM, Mark Thomas wrote: >> On 27/06/18 17:21, Christopher Schultz wrote: >>> any objection to taking this code and putting it into the >>> Connector under the public method reloadSSLHostConfig to make it (a) >>> accessible via JMX an

Re: Dynamic reloading of SSL certificates

Mark, On 6/27/18 4:59 PM, Mark Thomas wrote: > On 27/06/18 17:21, Christopher Schultz wrote: >> Romain, >> >> On 6/27/18 11:50 AM, Romain Manni-Bucau wrote: >>> up? any hope we have live reloading of certs in tomcat? >> >> Yup. Recent versions allow you to reload the SSLHostConfigs. >> >> I was ge

Re: Dynamic reloading of SSL certificates

On 27/06/18 17:21, Christopher Schultz wrote: > Romain, > > On 6/27/18 11:50 AM, Romain Manni-Bucau wrote: >> up? any hope we have live reloading of certs in tomcat? > > Yup. Recent versions allow you to reload the SSLHostConfigs. > > I was getting ready to update my presentation on Let's Encryp

Re: Dynamic reloading of SSL certificates

+1 for connectors IMHO Le mer. 27 juin 2018 18:21, Christopher Schultz < ch...@christopherschultz.net> a écrit : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Romain, > > On 6/27/18 11:50 AM, Romain Manni-Bucau wrote: > > up? any hope we have live reloading of certs in tomcat? > > Yup.

Re: Dynamic reloading of SSL certificates

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Romain, On 6/27/18 11:50 AM, Romain Manni-Bucau wrote: > up? any hope we have live reloading of certs in tomcat? Yup. Recent versions allow you to reload the SSLHostConfigs. I was getting ready to update my presentation on Let's Encrypt, actually,

Re: Dynamic reloading of SSL certificates

up? any hope we have live reloading of certs in tomcat? Romain Manni-Bucau @rmannibucau | Blog | Old Blog | Github | LinkedIn

Re: Dynamic reloading of SSL certificates

Yes, if tomcat can supports hot reloading of certs it is very feasible: https://github.com/rmannibucau/letsencrypt-manager/blob/master/src/main/java/com/github/rmannibucau/letsencrypt/manager/LetsEncryptManager.java Romain Manni-Bucau @rmannibucau | Blog

Re: Dynamic reloading of SSL certificates

Le 02/01/2018 à 09:40, Romain Manni-Bucau a écrit : > up? I haven't got much time to look into this yet. However since Let's Encrypt client implementations in Java are starting to appear [1] I wonder if the certificate renewal process could be directly integrated into Tomcat instead of relying on

Re: Dynamic reloading of SSL certificates

up? Romain Manni-Bucau @rmannibucau | Blog | Old Blog | Github | LinkedIn 2017-09-05 16:41 GMT+02:00 Romain Manni-B

Re: Dynamic reloading of SSL certificates

Hello guys, wonder if this thread went anywhere? Would be very neat to have a let's encrypt integration (don't know if it would be a listener to declare to have automatic reloading or just a flag on the SSL config but it would ease deploying self hosted instances). Romain Manni-Bucau @rmannibuca

Re: Dynamic reloading of SSL certificates

Mark and Emmanuel, On 1/23/17 5:01 AM, Mark Thomas wrote: > On 23/01/2017 09:36, Emmanuel Bourg wrote: >> Hi all, >> >> With the fast adoption of Let's Encrypt many people are interested in >> integrating it with Tomcat. A first step was to ensure that Tomcat can >> directly use the PEM certificat

Re: Dynamic reloading of SSL certificates

On 23/01/2017 09:36, Emmanuel Bourg wrote: > Hi all, > > With the fast adoption of Let's Encrypt many people are interested in > integrating it with Tomcat. A first step was to ensure that Tomcat can > directly use the PEM certificates generated by the letsencrypt/certbot > client. An important as