Re: Wildcard certificates

2019-04-18 Thread John Dale
Here is a mostly manual process for integration of certbot with tomcat 7.x.x. This presupposes you have certbot installed and working (I'm using Debian): -- // generate the certificates ./certbot-auto certonly

Re: Wildcard certificates

2019-04-17 Thread John Dale
Exactly .. this is part of the solution. I am having tomcat behave smartly in response to the certificate validation, and I have a nice path to develop some cool tools, similar to HTTPD, around certbot (I love that this is a free service, but I do have some concerns over centralized CSA, so I do

Re: Wildcard certificates

2019-04-17 Thread John Dale
On 4/17/19, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > John, > > On 4/17/19 10:42, John Dale wrote: >> My understanding is that the folks at SUN really put their backs >> into it from the beginning: >>

Re: Wildcard certificates

2019-04-17 Thread John Dale
I manage dozens of contexts/domains using loosely coupled code. Chris - of course it's amazing. I would also call it super and profound. :) I am in the middle of some TI at our office today .. can't really stop to do this. I have the code used to identify and validate the certbot requests and

Re: Wildcard certificates

2019-04-17 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 John, On 4/17/19 10:42, John Dale wrote: > My understanding is that the folks at SUN really put their backs > into it from the beginning: > https://stackoverflow.com/questions/479701/does-java-have-buffer-overflows > > Since hot spot compilers

Re: Wildcard certificates

2019-04-17 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 To whom it may concern, On 4/17/19 10:22, TurboChargedDad . wrote: > I would have the opposite feeling. I would not want a java process > parked out in the internet. Not saying you're wrong just my > personal feeling. It would be interesting to

Re: Wildcard certificates

2019-04-17 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 To whom it may concern, On 4/17/19 09:44, TurboChargedDad . wrote: > We terminated SSL above the tomcat layer using NGINX or Apache to > avoid the complexities that come with managing a JKS. I want to > hear all I can on this subject. It's not

Re: Wildcard certificates

2019-04-17 Thread Sean Dawson
On Wed, Apr 17, 2019 at 9:20 AM Sean Dawson wrote: > > Hello, I have a wildcard certificate from GoDaddy. Can I use this with > Tomcat? (8.5) > > I have the files crt (primary certificate?), p7b (intermediate?), pfx > (private key?), and a .key file. I did not generate a certificate request >

Re: Wildcard certificates

2019-04-17 Thread John Dale
My understanding is that the folks at SUN really put their backs into it from the beginning: https://stackoverflow.com/questions/479701/does-java-have-buffer-overflows Since hot spot compilers have matured, Java is virtually as fast as C/++ (the Java is slow argument falls in my deaf ears, even

Re: Wildcard certificates

2019-04-17 Thread TurboChargedDad .
I would have the opposite feeling. I would not want a java process parked out in the internet. Not saying you're wrong just my personal feeling. Maybe things have shifted in a different direction over the year. I do agree that something like that would be helpful to other tomcat admins.

Re: Wildcard certificates

2019-04-17 Thread John Dale
I have a really nice process that works great with certbot. Single command to renew all of my certs and I'm finished. I get some peace of mind having a Java process guarding the front door. Seems to be more impervious to overflows. What am I missing? I think what I have might be easily

Re: Wildcard certificates

2019-04-17 Thread TurboChargedDad .
Multi-tenant or single tenant system? On Wed, Apr 17, 2019 at 8:54 AM Sean Dawson wrote: > Thanks for the replies - I'm willing to use NGINX to handle this for us - > can you point me to a good page on that? > > > On Wed, Apr 17, 2019 at 9:46 AM John Larsen > wrote: > > > We do the same - via

Re: Wildcard certificates

2019-04-17 Thread Sean Dawson
Thanks for the replies - I'm willing to use NGINX to handle this for us - can you point me to a good page on that? On Wed, Apr 17, 2019 at 9:46 AM John Larsen wrote: > We do the same - via mod_jk we utilize apache httpd to handle the SSL. > Keeps things simple and works well. > John Larsen > >

Re: Wildcard certificates

2019-04-17 Thread John Larsen
We do the same - via mod_jk we utilize apache httpd to handle the SSL. Keeps things simple and works well. John Larsen On Wed, Apr 17, 2019 at 7:44 AM TurboChargedDad . wrote: > We terminated SSL above the tomcat layer using NGINX or Apache to avoid > the complexities that come with managing

Re: Wildcard certificates

2019-04-17 Thread TurboChargedDad .
We terminated SSL above the tomcat layer using NGINX or Apache to avoid the complexities that come with managing a JKS. I want to hear all I can on this subject.