Re: letsencrypt integration?
Chris,

On 8/24/17 5:14 PM, Chris Cheshire wrote:
> On Thu, Aug 24, 2017 at 4:29 PM, Christopher Schultz wrote:
>>
>> Chris,
>>
>> On 8/24/17 4:03 PM, Chris Cheshire wrote:
>>> Cheers :)
>>>
>>> On Thu, Aug 24, 2017 at 3:35 PM, Mark Thomas wrote:
>>>> On 24/08/17 19:50, Chris Cheshire wrote:
>>>>> Currently I am using httpd to handle SSL (because my certs
>>>>> are generated via LE) with all content being passed off to
>>>>> Tomcat 7 (investigating 8.5 upgrade).
>>>>>
>>>>> I had a poke around on the archives and found mention of a
>>>>> talk on it in a conference in Miami.
>>>>>
>>>>> http://tomcat.10.x6.nabble.com/Dynamic-reloading-of-SSL-certificates-tt5059619.html#a5059673
>>>>>
>>>>> Did this happen? I looked in the Tomcat youtube channel
>>>>> and found a handful of videos from there, but nothing on LE.
>>>>> Is it something that is still in the "we'd like to find time
>>>>> to do it, but don't know who or when" phase, or something
>>>>> that is being worked on for Tomcat 9?
>>>>
>>>> We only had video for the final day in Miami. But we have
>>>> audio for the others.
>>>>
>>>> http://tomcat.apache.org/presentations.html
>>
>> There are two items here:
>>
>> 1. Can Tomcat be configured and scripted for LE (pretty easy)
>> 2. Tomcat can (with caveats) reload the certificate store
>>
>> I have not made any progress on #2. The Tomcat/LE presentation in
>> the above link mentions we'll be trying to implement seamless
>> reloading, but it's not done, yet. The presentation shows you how
>> to reload it in a potentially disruptive way (because the
>> connector is stopped and re-started, killing any in-flight
>> requests).
>>
>> So it's not great, but it IS possible.
>>
>> -chris
>
> Just finished listening to your audio and following the slides.
> Thank you for making these available.
>
> Tomcat 9.0 supports .pem files, correct? What about 8.5? (I am
> still using 7 and working on upgrading).

Both 8.5 and 9.0 support using PEM files.

> With this support, does this mean we would just reference the
> files certbot produces without repackaging them into a JKS?

Yes, but the connector will still need to be bounced, of course.

-chris

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
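
An added illustration of the answer above (not taken from the thread, the presentation, or the Tomcat project's own material): a Tomcat 8.5/9.0 `server.xml` connector that references certbot's PEM output directly, with no JKS repackaging. The domain `example.com`, port 8443, the NIO protocol class and the `/etc/letsencrypt/live/` directory (certbot's default layout) are assumptions.

```xml
<!-- Added example. Assumptions: domain example.com, port 8443, and
     certbot's default output directory /etc/letsencrypt/live/<domain>/. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true">
  <SSLHostConfig>
    <!-- The PEM files certbot writes are referenced in place, so there is
         no conversion into a Java keystore after each renewal.
         The account Tomcat runs as must be able to read privkey.pem;
         keep that file unreadable to every other account. -->
    <Certificate certificateKeyFile="/etc/letsencrypt/live/example.com/privkey.pem"
                 certificateFile="/etc/letsencrypt/live/example.com/cert.pem"
                 certificateChainFile="/etc/letsencrypt/live/example.com/chain.pem" />
  </SSLHostConfig>
  <!-- Renewal replaces the files on disk only. As stated in the thread,
       the connector still has to be bounced before Tomcat serves the
       new certificate, which drops in-flight requests. -->
</Connector>
```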
Re: letsencrypt integration?
On Thu, Aug 24, 2017 at 4:29 PM, Christopher Schultz wrote:
>
> Chris,
>
> On 8/24/17 4:03 PM, Chris Cheshire wrote:
> > Cheers :)
> >
> > On Thu, Aug 24, 2017 at 3:35 PM, Mark Thomas wrote:
> >
> >> On 24/08/17 19:50, Chris Cheshire wrote:
> >>> Currently I am using httpd to handle SSL (because my certs are
> >>> generated via LE) with all content being passed off to Tomcat 7
> >>> (investigating 8.5 upgrade).
> >>>
> >>> I had a poke around on the archives and found mention of a talk
> >>> on it in a conference in Miami.
> >>>
> >>> http://tomcat.10.x6.nabble.com/Dynamic-reloading-of-SSL-certificates-tt5059619.html#a5059673
> >>>
> >>> Did this happen? I looked in the Tomcat youtube channel and
> >>> found a handful of videos from there, but nothing on LE. Is it
> >>> something that is still in the "we'd like to find time to do it,
> >>> but don't know who or when" phase, or something that is being
> >>> worked on for Tomcat 9?
> >>
> >> We only had video for the final day in Miami. But we have audio
> >> for the others.
> >>
> >> http://tomcat.apache.org/presentations.html
>
> There are two items here:
>
> 1. Can Tomcat be configured and scripted for LE (pretty easy)
> 2. Tomcat can (with caveats) reload the certificate store
>
> I have not made any progress on #2. The Tomcat/LE presentation in the
> above link mentions we'll be trying to implement seamless reloading,
> but it's not done, yet. The presentation shows you how to reload it in
> a potentially disruptive way (because the connector is stopped and
> re-started, killing any in-flight requests).
>
> So it's not great, but it IS possible.
>
> -chris

Just finished listening to your audio and following the slides. Thank you for making these available.

Tomcat 9.0 supports .pem files, correct? What about 8.5? (I am still using 7 and working on upgrading).

With this support, does this mean we would just reference the files certbot produces without repackaging them into a JKS?

Chris
Re: letsencrypt integration?
Chris,

On 8/24/17 4:03 PM, Chris Cheshire wrote:
> Cheers :)
>
> On Thu, Aug 24, 2017 at 3:35 PM, Mark Thomas wrote:
>
>> On 24/08/17 19:50, Chris Cheshire wrote:
>>> Currently I am using httpd to handle SSL (because my certs are
>>> generated via LE) with all content being passed off to Tomcat 7
>>> (investigating 8.5 upgrade).
>>>
>>> I had a poke around on the archives and found mention of a talk
>>> on it in a conference in Miami.
>>>
>>> http://tomcat.10.x6.nabble.com/Dynamic-reloading-of-SSL-certificates-tt5059619.html#a5059673
>>>
>>> Did this happen? I looked in the Tomcat youtube channel and
>>> found a handful of videos from there, but nothing on LE. Is it
>>> something that is still in the "we'd like to find time to do it,
>>> but don't know who or when" phase, or something that is being
>>> worked on for Tomcat 9?
>>
>> We only had video for the final day in Miami. But we have audio
>> for the others.
>>
>> http://tomcat.apache.org/presentations.html

There are two items here:

1. Can Tomcat be configured and scripted for LE (pretty easy)
2. Tomcat can (with caveats) reload the certificate store

I have not made any progress on #2. The Tomcat/LE presentation in the above link mentions we'll be trying to implement seamless reloading, but it's not done, yet. The presentation shows you how to reload it in a potentially disruptive way (because the connector is stopped and re-started, killing any in-flight requests).

So it's not great, but it IS possible.

-chris
Re: letsencrypt integration?
Cheers :)

On Thu, Aug 24, 2017 at 3:35 PM, Mark Thomas wrote:
> On 24/08/17 19:50, Chris Cheshire wrote:
> > Currently I am using httpd to handle SSL (because my certs are generated
> > via LE) with all content being passed off to Tomcat 7 (investigating 8.5
> > upgrade).
> >
> > I had a poke around on the archives and found mention of a talk on it in a
> > conference in Miami.
> >
> > http://tomcat.10.x6.nabble.com/Dynamic-reloading-of-SSL-certificates-tt5059619.html#a5059673
> >
> > Did this happen? I looked in the Tomcat youtube channel and found a handful
> > of videos from there, but nothing on LE. Is it something that is still in
> > the "we'd like to find time to do it, but don't know who or when" phase, or
> > something that is being worked on for Tomcat 9?
>
> We only had video for the final day in Miami. But we have audio for the
> others.
>
> http://tomcat.apache.org/presentations.html
>
> Mark
Re: letsencrypt integration?
On 24/08/17 19:50, Chris Cheshire wrote:
> Currently I am using httpd to handle SSL (because my certs are generated
> via LE) with all content being passed off to Tomcat 7 (investigating 8.5
> upgrade).
>
> I had a poke around on the archives and found mention of a talk on it in a
> conference in Miami.
>
> http://tomcat.10.x6.nabble.com/Dynamic-reloading-of-SSL-certificates-tt5059619.html#a5059673
>
> Did this happen? I looked in the Tomcat youtube channel and found a handful
> of videos from there, but nothing on LE. Is it something that is still in
> the "we'd like to find time to do it, but don't know who or when" phase, or
> something that is being worked on for Tomcat 9?

We only had video for the final day in Miami. But we have audio for the others.

http://tomcat.apache.org/presentations.html

Mark
Re: letsencrypt integration?
Hi,

we have made a Docker image that configures Tomcat with LE certs:
https://hub.docker.com/r/atomgraph/letsencrypt-tomcat/

It hasn't been tested in production though.

Martynas
atomgraph.com

On Thu, 24 Aug 2017 at 20.50, Chris Cheshire wrote:
> Currently I am using httpd to handle SSL (because my certs are generated
> via LE) with all content being passed off to Tomcat 7 (investigating 8.5
> upgrade).
>
> I had a poke around on the archives and found mention of a talk on it in a
> conference in Miami.
>
> http://tomcat.10.x6.nabble.com/Dynamic-reloading-of-SSL-certificates-tt5059619.html#a5059673
>
> Did this happen? I looked in the Tomcat youtube channel and found a handful
> of videos from there, but nothing on LE. Is it something that is still in
> the "we'd like to find time to do it, but don't know who or when" phase, or
> something that is being worked on for Tomcat 9?
letsencrypt integration?
Currently I am using httpd to handle SSL (because my certs are generated via LE) with all content being passed off to Tomcat 7 (investigating 8.5 upgrade).

I had a poke around on the archives and found mention of a talk on it in a conference in Miami.

http://tomcat.10.x6.nabble.com/Dynamic-reloading-of-SSL-certificates-tt5059619.html#a5059673

Did this happen? I looked in the Tomcat youtube channel and found a handful of videos from there, but nothing on LE. Is it something that is still in the "we'd like to find time to do it, but don't know who or when" phase, or something that is being worked on for Tomcat 9?