-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 To whom it may concern,
On 4/17/19 10:22, TurboChargedDad . wrote: > I would have the opposite feeling. I would not want a java process > parked out in the internet. Not saying you're wrong just my > personal feeling. It would be interesting to compare the number of remotely-exploitable vulnerabilities there have been in e.g. httpd versus e.g. Tomcat in a given period of time. My guess is that the Java-based servers have had a better track record. The difference is that typically if you own a web server, you just own the web server. But if you own an application server, you typically get access to lots of great stuff like the application's database. > Maybe things have shifted in a different direction over the year. Any particular year? > I do agree that something like that would be helpful to other > tomcat admins. Would you consider putting it into github ? certbot does almost everything you need. There is also this: https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encrypt %20Apache%20Tomcat.pdf So unless John has done something truly amazing, maybe adding more tools to what MUST be a secure toolchain isn't a great move. - -chris > On Wed, Apr 17, 2019 at 9:18 AM John Dale <jcdw...@gmail.com> > wrote: > >> I have a really nice process that works great with certbot. >> Single command to renew all of my certs and I'm finished. >> >> I get some piece of mind having a Java process guarding the >> front door. Seems to be more impervious to overflows. What am I >> missing? >> >> I think what I have might be easily developed into something to >> help other Tomcat users. >> >> On 4/17/19, TurboChargedDad . <linuxhpc...@gmail.com> wrote: >>> We terminated SSL above the tomcat layer using NGINX or Apache >>> to avoid the complexities that come with managing a JKS. I >>> want to hear all I can on this subject. >>> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly3WFMACgkQHPApP6U8 pFjFUA//Q5HiqvarK/NO/o2tjtVUVs75RJaTEao7T1eUCwMIf/F9nkpZpNG8TxK7 slT0zu3GMaB5+Z5PK753M3+vZ9nytbat4ODbUNpUMrqeT1/U0eaF1LdbY0jeUmKH hmzQFTtLEtJ9mMYn+KJ3sA8D3sIECWwFuKD+BdYmOkzAZn37HlzyI+1CMr4mEA6C LnhlD/hEeG4HiO5FtE4BxRKZ0vcLhBp10/m27E6j6KDiiwT7+tlNfwD53S5P94vv f/FbwSP8GJfkFu13ot+ce1IVerMNpMpc6nay1efJmYtT4oHyNP0YUVMZyN8YyCTO 5yiLYOj8yXLxLatdKBWJ+1fsqd5DXuOEv0KmaIaqi3pLHg5oJQp5CtsLKTSFVTmV FBoWew1JFhh5DBI27uJntGzlwIGjKAq7Cq0qitL2gVCiDr6HFaI/gkvVriDjoZL/ L3E5JDSpYL/iSzBeBd5qKbGVz7+/bdsHoxdHGRFrvcNYyPZIT871bVoNjvyaSFsM KZGYcgZgruzN6hT3+jmJpHHoINb+XQeViM140HvYJP1zrcyCZ9ejqpw1BSB+WbT0 OutjYugoJwORD2SWFTXAc5g6flP5I6JYogexzlj0UPx6v0969I6OBPkLRyMzyKnr RTSLV2mYJifNFjLvJ98blhhRmZG3BgAJR4ussur1NTZzs6I03Bc= =4l6s -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org