Chris,

On 8/24/17 5:14 PM, Chris Cheshire wrote:
> On Thu, Aug 24, 2017 at 4:29 PM, Christopher Schultz 
> <ch...@christopherschultz.net> wrote:
>> 
>> Chris,
>> 
>> On 8/24/17 4:03 PM, Chris Cheshire wrote:
>>> Cheers :)
>>> 
>>> On Thu, Aug 24, 2017 at 3:35 PM, Mark Thomas
>>> <ma...@apache.org> wrote:
>>> 
>>>> On 24/08/17 19:50, Chris Cheshire wrote:
>>>>> Currently I am using httpd to handle SSL (because my certs
>>>>> are generated via LE) with all content being passed off to
>>>>> Tomcat 7 (investigating 8.5 upgrade).
>>>>> 
>>>>> I had a poke around on the archives and found mention of a
>>>>> talk on it in a conference in Miami.
>>>>> 
>>>>> http://tomcat.10.x6.nabble.com/Dynamic-reloading-of-SSL-certificates-tt5059619.html#a5059673
>>>>> 
>>>>> Did this happen? I looked in the Tomcat YouTube channel
>>>>> and found a handful of videos from there, but nothing on LE.
>>>>> Is it something that is still in the "we'd like to find time
>>>>> to do it, but don't know who or when" phase, or something
>>>>> that is being worked on for Tomcat 9?
>>>> 
>>>> We only had video for the final day in Miami. But we have
>>>> audio for the others.
>>>> 
>>>> http://tomcat.apache.org/presentations.html
>> 
>> There are two items here:
>> 
>> 1. Can Tomcat be configured and scripted for LE (pretty easy)
>> 2. Tomcat can (with caveats) reload the certificate store
>> 
>> I have not made any progress on #2. The Tomcat/LE presentation in
>> the above link mentions we'll be trying to implement seamless
>> reloading, but it's not done, yet. The presentation shows you how
>> to reload it in a potentially disruptive way (because the
>> connector is stopped and re-started, killing any in-flight
>> requests).
>> 
>> So it's not great, but it IS possible.
>> 
>> -chris
> 
> 
> Just finished listening to your audio and following the slides.
> Thank you for making these available.
> 
> Tomcat 9.0 supports .pem files, correct? What about 8.5? (I am
> still using 7 and working on upgrading).

Both 8.5 and 9.0 support using PEM files.

> With this support, does this mean we would just reference the
> files certbot produces without repackaging them into a JKS?

Yes, but the connector will still need to be bounced, of course.

-chris
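
The setup confirmed in the reply above, sketched as an added example that is not part of the original thread or the project's own configuration: a Tomcat 8.5/9.0 `server.xml` connector that reads certbot's PEM files in place. The host name `example.com` and port 8443 are placeholders, and the paths assume certbot's default `/etc/letsencrypt/live/` layout.

```xml
<!-- Added example: hypothetical connector for Tomcat 8.5 / 9.0.
     example.com and port 8443 are placeholders; the file paths assume
     certbot's default live/ directory layout. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true">
  <SSLHostConfig>
    <!-- PEM files are referenced directly: no JKS repackaging step.
         privkey.pem = private key, cert.pem = server certificate,
         chain.pem   = intermediate CA certificate(s). -->
    <Certificate certificateKeyFile="/etc/letsencrypt/live/example.com/privkey.pem"
                 certificateFile="/etc/letsencrypt/live/example.com/cert.pem"
                 certificateChainFile="/etc/letsencrypt/live/example.com/chain.pem"
                 type="RSA" />
  </SSLHostConfig>
</Connector>
```

The account Tomcat runs as needs read access to `privkey.pem`, which certbot normally keeps readable by root only, so grant that narrowly instead of loosening the whole directory. After each renewal the connector still has to be restarted before the new certificate is served, as the reply states.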