On Thu, Aug 24, 2017 at 4:29 PM, Christopher Schultz
<ch...@christopherschultz.net> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Chris,
>
> On 8/24/17 4:03 PM, Chris Cheshire wrote:
> > Cheers :)
> >
> > On Thu, Aug 24, 2017 at 3:35 PM, Mark Thomas <ma...@apache.org>
> > wrote:
> >
> >> On 24/08/17 19:50, Chris Cheshire wrote:
> >>> Currently I am using httpd to handle SSL (because my certs are
> >>> generated via LE) with all content being passed off to Tomcat 7
> >>> (investigating 8.5 upgrade).
> >>>
> >>> I had a poke around on the archives and found mention of a talk
> >>> on it in
> >> a
> >>> conference in Miami.
> >>>
> >>> http://tomcat.10.x6.nabble.com/Dynamic-reloading-of-SSL-
> >> certificates-tt5059619.html#a5059673
> >>>
> >>> Did this happen? I looked in the Tomcat youtube channel and
> >>> found a
> >> handful
> >>> of videos from there, but nothing on LE. Is it something that
> >>> is still in the "we'd like to find time to do it, but don't
> >>> know who or when" phase,
> >> or
> >>> something that is being worked on for Tomcat 9?
> >>
> >> We only had video for the final day in Miami. But we have audio
> >> for the others.
> >>
> >> http://tomcat.apache.org/presentations.html
>
> There are two items here:
>
> 1. Can Tomcat be configured and scripted for LE (pretty easy)
> 2. Tomcat can (with caveats) reload the certificate store
>
> I have not made any progress on #2. The Tomcat/LE presentation in the
> above link mentions we'll be trying to implement seamless reloading,
> but it's not done, yet. The presentation shows you how to reload it in
> a potentially disruptive way (because the connector is stopped and
> re-started, killing any in-flight requests).
>
> So it's not great, but it IS possible.
>
> - -chris


Just finished listening to your audio and following the slides. Thank
you for making these available.

Tomcat 9.0 supports .pem files, correct? What about 8.5? (I am still
using 7 and working on upgrading). With this support, does this mean
we would just reference the files certbot produces without repackaging
them into a JKS?


Chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to