-----BEGIN PGP SIGNED MESSAGE-----
On 8/24/17 5:14 PM, Chris Cheshire wrote:
> On Thu, Aug 24, 2017 at 4:29 PM, Christopher Schultz
> <ch...@christopherschultz.net> wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>> On 8/24/17 4:03 PM, Chris Cheshire wrote:
>>> Cheers :)
>>> On Thu, Aug 24, 2017 at 3:35 PM, Mark Thomas
>>> <ma...@apache.org> wrote:
>>>> On 24/08/17 19:50, Chris Cheshire wrote:
>>>>> Currently I am using httpd to handle SSL (because my certs
>>>>> are generated via LE) with all content being passed off to
>>>>> Tomcat 7 (investigating 8.5 upgrade).
>>>>> I had a poke around on the archives and found mention of a
>>>>> talk on it in
>>>>> conference in Miami.
>>>>> Did this happen? I looked in the Tomcat youtube channel
>>>>> and found a
>>>>> of videos from there, but nothing on LE. Is it something
>>>>> that is still in the "we'd like to find time to do it, but
>>>>> don't know who or when" phase,
>>>>> something that is being worked on for Tomcat 9?
>>>> We only had video for the final day in Miami. But we have
>>>> audio for the others.
>> There are two items here:
>> 1. Can Tomcat be configured and scripted for LE (pretty easy) 2.
>> Tomcat can (with caveats) reload the certificate store
>> I have not made any progress on #2. The Tomcat/LE presentation in
>> the above link mentions we'll be trying to implement seamless
>> reloading, but it's not done, yet. The presentation shows you how
>> to reload it in a potentially disruptive way (because the
>> connector is stopped and re-started, killing any in-flight
>> So it's not great, but it IS possible.
>> - -chris
> Just finished listening to your audio and following the slides.
> Thank you for making these available.
> Tomcat 9.0 supports .pem files, correct? What about 8.5? (I am
> still using 7 and working on upgrading).
Both 8.5 and 9.0 support using PEM files.
> With this support, does this mean we would just reference the
> files certbot produces without repackaging them into a JKS?
Yes, but the connector will still need to be bounced, of course.
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org