Re: how to reload SSL certificates without restarting Tomcat
Jerry, On 3/11/24 14:51, Jerry Lin wrote: Hi Chris, There is also this: https://tomcat.apache.org/presentations.html#latest-lets-encrypt It's very LE-focused, but it shows you how to programmatically trigger a reload. Thanks for your presentation and script. We are using Let's Encrypt, so your material is quite relevant. If I were to present that material today, it would be a lot shorter. In fact, I was asked last-minute to fill-in for a missing speaker in Halifax and I updated that presentation a bit and made it more of a conversation with the audience. I hadn't included anything about the automatic-update feature Tomcat has added since the previous staging of that presentation and afterwards I went in and removed something like 40% of the material in the presentation. So it's all perfectly valid, but it's even easier to use LE with Tomcat, now. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: how to reload SSL certificates without restarting Tomcat
Hi Chris, There is also this: > https://tomcat.apache.org/presentations.html#latest-lets-encrypt > > It's very LE-focused, but it shows you how to programmatically trigger a > reload. > Thanks for your presentation and script. We are using Let's Encrypt, so your material is quite relevant. Jerry
Re: how to reload SSL certificates without restarting Tomcat
Jerry, On 3/10/24 16:00, Jerry Lin wrote: Hi Chuck, Presumably, you mean “not behind https", since “Apache” refers to the organization that develops and maintains a plethora of software products. Yes, “not behind https" (I meant not behind an Apache HTTP server) you can configure the TLS config listener: https://tomcat.apache.org/tomcat-10.1-doc/config/listeners.html#TLS_configuration_reload_listener_-_org.apache.catalina.security.TLSCertificateReloadListener Great, thanks! This is what I was looking for. There is also this: https://tomcat.apache.org/presentations.html#latest-lets-encrypt It's very LE-focused, but it shows you how to programmatically trigger a reload. Chuck's reference to the auto-reloading is even better if you don't mind the background process checking for you, instead of proactively-triggering the reload. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: how to reload SSL certificates without restarting Tomcat
> On Mar 10, 2024, at 15:00, Jerry Lin wrote: > > Hi Chuck, > > Presumably, you mean “not behind https", since “Apache” refers to the >> organization that develops and maintains a plethora of software products. >> > Spell checker got me - I meant “httpd”, not “https”. - Chuck - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: how to reload SSL certificates without restarting Tomcat
Hi Chuck, Presumably, you mean “not behind https", since “Apache” refers to the > organization that develops and maintains a plethora of software products. > Yes, “not behind https" (I meant not behind an Apache HTTP server) > you can configure the TLS config listener: > > > https://tomcat.apache.org/tomcat-10.1-doc/config/listeners.html#TLS_configuration_reload_listener_-_org.apache.catalina.security.TLSCertificateReloadListener Great, thanks! This is what I was looking for. Regards, Jerry
Re: how to reload SSL certificates without restarting Tomcat
> On Mar 10, 2024, at 12:39, Jerry Lin wrote: > > For those of us with a publicly accessible instance of Tomcat (e.g. not > behind Apache), is there a good way of having a renewed SSL/HTTPS > certificate take effect without restarting Tomcat? Presumably, you mean “not behind https", since “Apache” refers to the organization that develops and maintains a plethora of software products. If you’re running on a supported version of Tomcat (you didn’t tell us what level you’re using), you can configure the TLS config listener: https://tomcat.apache.org/tomcat-10.1-doc/config/listeners.html#TLS_configuration_reload_listener_-_org.apache.catalina.security.TLSCertificateReloadListener https://tomcat.apache.org/tomcat-9.0-doc/config/listeners.html#TLS_configuration_reload_listener_-_org.apache.catalina.security.TLSCertificateReloadListener https://tomcat.apache.org/tomcat-8.5-doc/config/listeners.html#TLS_configuration_reload_listener_-_org.apache.catalina.security.TLSCertificateReloadListener - Chuck