On Mon, May 30, 2016 at 11:26 PM, Conor Skyler <conorsky...@gmail.com> wrote:
> Hello list,
>
> I'm trying to install the certificates I bought from GoDaddy into my Tomcat
> server, however so far I've been unsuccessful to achieve this.
>
> My system specs are:
> OS: Amazon Linux (fully updated)
> Tomcat version: 8.0.32, installed from the repos
> Java version: $ java -version
> openjdk version "1.8.0_91"
> OpenJDK Runtime Environment (build 1.8.0_91-b14)
> OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
>
> To install the certificates I followed this tutorial from GoDaddy website:
>
> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
> which explains how to create a KeyStore and configure the <Connector> in
> the server.xml file.
>

Follow these instructions.

>
> Now, judging from the official Tomcat documentation in
> https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated that I
> first need to convert the .crt files provided by GoDaddy to PKCS12 format --
> I wonder then why the instructions in GoDaddy's website state other thing!
>

There's more than one way to do this. If you started out by following the
GoDaddy instructions to generate your CSR, then continue to follow them to
import your signed certificate.

>
> But then I read this piece of documentation that left me completely
> bewildered:
> To import an existing certificate signed by your own CA into a PKCS12
> keystore using OpenSSL you would execute a command like:
>
> openssl pkcs12 -export -in mycert.crt -inkey mykey.key
>                        -out mycert.p12 -name tomcat -CAfile myCA.crt
>                        -caname root -chain
>
> In this example there's a reference to a 'mykey.key' file that I don't
> have a clue how to obtain it or from where it comes since when I
> download the certificates provided by GoDaddy, there's no such .key
> file: I can download several different types of certificates in .crt
> format but there isn't any .key file to download.
>

This has to do with the way that you generated the CSR. The GoDaddy
instructions have you using keytool and a keystore. In this case, your
private key will exist in the keystore, so you won't have a .key file and
that's OK.

>
> I tried contacting their support and well, they weren't any helpful at
> all, they pointed me to the repository where all the certificates are
> stored and told me to 'find someone that knows how to handle them' --
> thanks for nothing :(
>
> Finally I want to say that I have Tomcat running smooth at port 8080,
> I even configured an administrator user to access the status page
> which works perfectly, my problem is that I just can't find how to
> properly install and configure the SSL.
>

Follow the GoDaddy instructions. They should work. If you get stuck on a
specific step, let us know.

Dan

>
> What I'm not sure though is what part or steps I'm missing, I believe
> this has to be much simpler than it's been so far for me but
> seriously I can't wrap my mind around it.
>
> Thank you very much for taking the time to read this n00b's help scream.
>
> Best regards,
> -Conor
>
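
The keytool flow discussed in this thread, as an added example that is not part of the original messages or of GoDaddy's or Tomcat's documentation: it shows why no .key file exists and why the signed certificate must go back into the keystore that produced the CSR. A throwaway local CA stands in for GoDaddy; the aliases, file names, DNs and password are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: keytool CSR flow, with a throwaway local CA standing in for GoDaddy.
# Aliases, file names, DNs and the password are constructed placeholders.
set -eu
PASS=changeit-demo

demo_keystore_flow() {
  local dir="$1" ks="$1/tomcat.keystore" ca="$1/demo-ca.keystore"

  # 1. The key pair is created inside the keystore, so no .key file ever exists.
  keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=www.example.test" -keystore "$ks" -storepass "$PASS" -keypass "$PASS"

  # 2. The CSR carries only the public key; the private key stays in $ks.
  keytool -certreq -alias tomcat -keystore "$ks" -storepass "$PASS" \
    -file "$dir/server.csr"

  # 3. Stand-in for the CA's side: a local demo CA signs the CSR.
  keytool -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=Demo CA" -ext bc=ca:true \
    -keystore "$ca" -storepass "$PASS" -keypass "$PASS"
  keytool -exportcert -alias ca -keystore "$ca" -storepass "$PASS" \
    -rfc -file "$dir/ca.crt"
  keytool -gencert -alias ca -keystore "$ca" -storepass "$PASS" \
    -infile "$dir/server.csr" -rfc -outfile "$dir/server.crt"

  # 4. Import the CA certificate first, then the signed certificate under the
  #    SAME alias as the key pair so keytool attaches it to the private key.
  keytool -importcert -noprompt -trustcacerts -alias root \
    -file "$dir/ca.crt" -keystore "$ks" -storepass "$PASS"
  keytool -importcert -noprompt -alias tomcat \
    -file "$dir/server.crt" -keystore "$ks" -storepass "$PASS"
}

# Print entry type and chain length for the "tomcat" alias.
entry_summary() {
  keytool -J-Duser.language=en -list -v -alias tomcat \
    -keystore "$1" -storepass "$PASS" |
    grep -E '^(Entry type|Certificate chain length)'
}

# Run the demo only on request: DEMO=1 bash keystore-demo.sh
if [ "${DEMO:-0}" = 1 ]; then
  d=$(mktemp -d)
  demo_keystore_flow "$d" && entry_summary "$d/tomcat.keystore"
fi
```

A `PrivateKeyEntry` with a chain length of 2 is what a correctly imported reply produces here. A `trustedCertEntry` under the key's alias instead means the certificate was imported into a keystore or alias other than the one that generated the CSR.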