On Mon, May 30, 2016 at 11:26 PM, Conor Skyler <conorsky...@gmail.com>
wrote:
Hello list,
I'm trying to install the certificates I bought from GoDaddy into my
Tomcat
server, however so far I've been unsuccessful to achieve this.
My system specs are:
OS: Amazon Linux (fully updated)
Tomcat version: 8.0.32, installed from the repos
Java version: $ java -version
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
To install the certificates I followed this tutorial from GoDaddy
website:
https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
which explains how to create a KeyStore and configure the <Connector> in
the server.xml file.
Follow these instructions.
Now, judging from the official Tomcat documentation in
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
that I
first need to conver the .crt files provided by GoDaddy to PKCS12
format --
I wonder then why the instructions in GoDaddy's website state other
thing!
There's more than one way to do this. If you started out by following the
GoDaddy instructions to generate your CSR, then continue to follow them to
import your signed certificate.
But then I read this piece of documentation that left me completely
bewildered:
To import an existing certificate signed by your own CA into a PKCS12
keystore using OpenSSL you would execute a command like:
openssl pkcs12 -export -in mycert.crt -inkey mykey.key
-out mycert.p12 -name tomcat -CAfile myCA.crt
-caname root -chain
In this example there's a reference to a 'mykey.key' file that I don't
have a clue how to obtain it or from where it comes since when I
download the certificates provided by GoDaddy, there's no such .key
file: I can download several different types of certificates in .crt
format but there isn't any .key file to download.
This has to do with the way that you generated the CSR. The GoDaddy
instructions have you using keytool and a keystore. In this case, your
private key will exist in the keystore, so you won't have a .key file and
that's OK.
I tried contacting their support and well, they weren't any helpful at
all, they pointed me to the repository where all the certificates are
stored and told me to 'find someone that knows how to handle them' --
thanks for nothing :(
Finally I want to say that I have Tomcat running smooth at port 8080,
I even configured an administrator user to access the status page
which works perfectly, my problem is that I just can't find how to
properly install and configure the SSL.
Follow the GoDaddy instructions. They should work. If you get stuck on a
specific step, let us know.
Dan
What I'm not sure though is what part or steps I'm missing, I believe
this has to be much more simpler that it's been so far for me but
seriously I can't wrap my mind around it.
Thank you very much for taking the time to read this n00b's help scream.
Best regards,
-Conor
