Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)
Hello Pierre, Yes, I contacted the technical support at GoDaddy and then basically told me that I'm on my own and that I should find someone that knows how to handle the configuration -- that's all the aid they gave me. I think that there two separate problems here. First one, the mismatch between the files I receive zipped and the ones referred in the website when it reads: "The file names for your root and intermediate certificates depend on your signature algorithm. - SHA-1 root certificate: gd_class2_root.crt - SHA-2 root certificate: gdroot-g2.crt - SHA-1 intermediate certificate: gd.intermediate.crt - SHA-2 intermediate certificate: gdig2.crt - (*Java 6/7 only*) SHA-2 Root Certificate: gdroot-g2_cross.crt" But the files I get when I unzip the downloaded archive are: my_certificate.crt gd_bundle-g2-g1.crt gdig2.crt So first thing here is that I don't how to use them when following the instructions stated on the site (the only one I can identify is my_certificate.crt). With the second issue my guess is that it might be related to the KeyStore file not holding the private key: I wasn't given the original tomcat.keystore file (following the example on GoDaddy's website) so here I'm starting from the scratch, generating a new KeyStore. What I have though is a PEM file from the person I presume the .csr request file; is there a way to add it to the KeyStore file I create when following the instructions on GoDaddy's site? Thank you very much for stepping in! -Conor On Fri, Jun 3, 2016 at 6:09 PM, Hardibo Pierre-Jean <cont...@hardibopj.com> wrote: > there's all here no ? > > https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239 > > Le 03/06/2016 22:37, Conor Skyler a écrit : > >> Hi again, >> >> At this point I don't know what else to try: I carefully gone through the >> process stated at GoDaddy's website once again trying different >> combinations with the certificates (as the instructions provided by >> GoDaddy >> doesn't match the certificates you download) but the result was the same >> as before, it didn't work. >> >> Early today I found this post in StackOverflow: >> >> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr >> which somehow brought some hope to me as the title states literally the >> issue I'm having: ' >> >> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt >> ' >> >> Sadly after trying everything what's shown there and reading tons of stuff >> I still can't make the KeyStore work with my Tomcat server. >> >> Any help will be greatly appreciated. >> -Conor >> >> >> >> On Wed, Jun 1, 2016 at 6:12 PM, Conor Skyler <conorsky...@gmail.com> >> wrote: >> >> Hi Daniel, >>> >>> Thank you very much for stepping in, I’m processing a new set of >>> certificates that I hope to try tomorrow. >>> >>> Warm regards, >>> -Conor >>> >>> >>> On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa <dmik...@pivotal.io> >>> wrote: >>> >>> On Mon, May 30, 2016 at 11:26 PM, Conor Skyler <conorsky...@gmail.com> >>>> wrote: >>>> >>>> Hello list, >>>>> >>>>> I'm trying to install the certificates I bought from GoDaddy into my >>>>> >>>> Tomcat >>>> >>>>> server, however so far I've been unsuccessful to achieve this. >>>>> >>>>> My system specs are: >>>>> OS: Amazon Linux (fully updated) >>>>> Tomcat version: 8.0.32, installed from the repos >>>>> Java version: $ java -version >>>>> openjdk version "1.8.0_91" >>>>> OpenJDK Runtime Environment (build 1.8.0_91-b14) >>>>> OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode) >>>>> >>>>> To install the certificates I followed this tutorial from GoDaddy >>>>> >>>> website: >>>> >>>>> >>>>> >>>> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239 >>>> >>>>> which explains how to create a KeyStore and configure the >>>>> in >>>>> the server.xml file. >>>>> >>>>> Follow these instructions. >>>> >>>> >>>> Now, judging from the official Tomcat documentation in >>>>> https://tomcat.apache.org/tomca
Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)
Hi again, At this point I don't know what else to try: I carefully gone through the process stated at GoDaddy's website once again trying different combinations with the certificates (as the instructions provided by GoDaddy doesn't match the certificates you download) but the result was the same as before, it didn't work. Early today I found this post in StackOverflow: http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr which somehow brought some hope to me as the title states literally the issue I'm having: ' http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt ' Sadly after trying everything what's shown there and reading tons of stuff I still can't make the KeyStore work with my Tomcat server. Any help will be greatly appreciated. -Conor On Wed, Jun 1, 2016 at 6:12 PM, Conor Skyler <conorsky...@gmail.com> wrote: > Hi Daniel, > > Thank you very much for stepping in, I’m processing a new set of > certificates that I hope to try tomorrow. > > Warm regards, > -Conor > > > On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa <dmik...@pivotal.io> wrote: > >> On Mon, May 30, 2016 at 11:26 PM, Conor Skyler <conorsky...@gmail.com> >> wrote: >> >> > Hello list, >> > >> > I'm trying to install the certificates I bought from GoDaddy into my >> Tomcat >> > server, however so far I've been unsuccessful to achieve this. >> > >> > My system specs are: >> > OS: Amazon Linux (fully updated) >> > Tomcat version: 8.0.32, installed from the repos >> > Java version: $ java -version >> > openjdk version "1.8.0_91" >> > OpenJDK Runtime Environment (build 1.8.0_91-b14) >> > OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode) >> > >> > To install the certificates I followed this tutorial from GoDaddy >> website: >> > >> > >> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239 >> > which explains how to create a KeyStore and configure the in >> > the server.xml file. >> > >> >> Follow these instructions. >> >> >> > >> > Now, judging from the official Tomcat documentation in >> > https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated >> that I >> > first need to conver the .crt files provided by GoDaddy to PKCS12 >> format -- >> > I wonder then why the instructions in GoDaddy's website state other >> thing! >> > >> >> There's more than one way to do this. If you started out by following the >> GoDaddy instructions to generate your CSR, then continue to follow them to >> import your signed certificate. >> >> >> > >> > But then I read this piece of documentation that left me completely >> > bewildered: >> > To import an existing certificate signed by your own CA into a PKCS12 >> > keystore using OpenSSL you would execute a command like: >> > >> > openssl pkcs12 -export -in mycert.crt -inkey mykey.key >> >-out mycert.p12 -name tomcat -CAfile myCA.crt >> >-caname root -chain >> > >> > In this example there's a reference to a 'mykey.key' file that I don't >> > have a clue how to obtain it or from where it comes since when I >> > download the certificates provided by GoDaddy, there's no such .key >> > file: I can download several different types of certificates in .crt >> > format but there isn't any .key file to download. >> > >> >> This has to do with the way that you generated the CSR. The GoDaddy >> instructions have you using keytool and a keystore. In this case, your >> private key will exist in the keystore, so you won't have a .key file and >> that's OK. >> >> >> > >> > I tried contacting their support and well, they weren't any helpful at >> > all, they pointed me to the repository where all the certificates are >> > stored and told me to 'find someone that knows how to handle them' -- >> > thanks for nothing :( >> > >> > Finally I want to say that I have Tomcat running smooth at port 8080, >> > I even configured an administrator user to access the status page >> > which works perfectly, my problem is that I just can't find how to >> > properly install and configure the SSL. >> > >> >> Follow the GoDaddy instructions. They should work. If you get stuck on a >> specific step, let us know. >> >> Dan >> >> >> > >> > What I'm not sure though is what part or steps I'm missing, I believe >> > this has to be much more simpler that it's been so far for me but >> > seriously I can't wrap my mind around it. >> > >> > Thank you very much for taking the time to read this n00b's help scream. >> > >> > Best regards, >> > -Conor >> > >> > >
Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)
Hi Daniel, Thank you very much for stepping in, I’m processing a new set of certificates that I hope to try tomorrow. Warm regards, -Conor On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa <dmik...@pivotal.io> wrote: > On Mon, May 30, 2016 at 11:26 PM, Conor Skyler <conorsky...@gmail.com> > wrote: > > > Hello list, > > > > I'm trying to install the certificates I bought from GoDaddy into my > Tomcat > > server, however so far I've been unsuccessful to achieve this. > > > > My system specs are: > > OS: Amazon Linux (fully updated) > > Tomcat version: 8.0.32, installed from the repos > > Java version: $ java -version > > openjdk version "1.8.0_91" > > OpenJDK Runtime Environment (build 1.8.0_91-b14) > > OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode) > > > > To install the certificates I followed this tutorial from GoDaddy > website: > > > > > https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239 > > which explains how to create a KeyStore and configure the in > > the server.xml file. > > > > Follow these instructions. > > > > > > Now, judging from the official Tomcat documentation in > > https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated > that I > > first need to conver the .crt files provided by GoDaddy to PKCS12 format > -- > > I wonder then why the instructions in GoDaddy's website state other > thing! > > > > There's more than one way to do this. If you started out by following the > GoDaddy instructions to generate your CSR, then continue to follow them to > import your signed certificate. > > > > > > But then I read this piece of documentation that left me completely > > bewildered: > > To import an existing certificate signed by your own CA into a PKCS12 > > keystore using OpenSSL you would execute a command like: > > > > openssl pkcs12 -export -in mycert.crt -inkey mykey.key > >-out mycert.p12 -name tomcat -CAfile myCA.crt > >-caname root -chain > > > > In this example there's a reference to a 'mykey.key' file that I don't > > have a clue how to obtain it or from where it comes since when I > > download the certificates provided by GoDaddy, there's no such .key > > file: I can download several different types of certificates in .crt > > format but there isn't any .key file to download. > > > > This has to do with the way that you generated the CSR. The GoDaddy > instructions have you using keytool and a keystore. In this case, your > private key will exist in the keystore, so you won't have a .key file and > that's OK. > > > > > > I tried contacting their support and well, they weren't any helpful at > > all, they pointed me to the repository where all the certificates are > > stored and told me to 'find someone that knows how to handle them' -- > > thanks for nothing :( > > > > Finally I want to say that I have Tomcat running smooth at port 8080, > > I even configured an administrator user to access the status page > > which works perfectly, my problem is that I just can't find how to > > properly install and configure the SSL. > > > > Follow the GoDaddy instructions. They should work. If you get stuck on a > specific step, let us know. > > Dan > > > > > > What I'm not sure though is what part or steps I'm missing, I believe > > this has to be much more simpler that it's been so far for me but > > seriously I can't wrap my mind around it. > > > > Thank you very much for taking the time to read this n00b's help scream. > > > > Best regards, > > -Conor > > >
Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)
Hello list, I'm trying to install the certificates I bought from GoDaddy into my Tomcat server, however so far I've been unsuccessful to achieve this. My system specs are: OS: Amazon Linux (fully updated) Tomcat version: 8.0.32, installed from the repos Java version: $ java -version openjdk version "1.8.0_91" OpenJDK Runtime Environment (build 1.8.0_91-b14) OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode) To install the certificates I followed this tutorial from GoDaddy website: https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239 which explains how to create a KeyStore and configure the in the server.xml file. Now, judging from the official Tomcat documentation in https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated that I first need to conver the .crt files provided by GoDaddy to PKCS12 format -- I wonder then why the instructions in GoDaddy's website state other thing! But then I read this piece of documentation that left me completely bewildered: To import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL you would execute a command like: openssl pkcs12 -export -in mycert.crt -inkey mykey.key -out mycert.p12 -name tomcat -CAfile myCA.crt -caname root -chain In this example there's a reference to a 'mykey.key' file that I don't have a clue how to obtain it or from where it comes since when I download the certificates provided by GoDaddy, there's no such .key file: I can download several different types of certificates in .crt format but there isn't any .key file to download. I tried contacting their support and well, they weren't any helpful at all, they pointed me to the repository where all the certificates are stored and told me to 'find someone that knows how to handle them' -- thanks for nothing :( Finally I want to say that I have Tomcat running smooth at port 8080, I even configured an administrator user to access the status page which works perfectly, my problem is that I just can't find how to properly install and configure the SSL. What I'm not sure though is what part or steps I'm missing, I believe this has to be much more simpler that it's been so far for me but seriously I can't wrap my mind around it. Thank you very much for taking the time to read this n00b's help scream. Best regards, -Conor