On 27.10.2017 15:05, Don Flinn wrote:
Hi Andre,

I have looked and it may be my ignorance but I didn't find any that seemed
to fit.  I'll look more closely at the available letsencrypt clients.

It is certainly more my own ignorance, rather than yours. I was only pointing out the obvious, since a fair number of people who post questions here seem to not bother doing their own homework first, and neglect obvious sources of information such as the WWW or the Tomcat FAQ.

Your proposed solution below sounds very nice, and would certainly be of immense help to SSL/HTTPS dummies such as myself. I'm out of my depth already, but on this forum, Christopher may be the person most able to provide thoughtful and competent comments regarding such matters. I guess he'll be in shortly, being on the same oceanic side as you are (or seem to be; one never really knows these days).


With letsencrypt you first have to authenticate, i.e. show you own the
site, by letsencrypt logging into your site, e.g. Tomcat, and checking a
token.  Then the Java program can get the letsencrypt certificate.  There
are two different addresses: Tomcat on AWS and the node, which is running
the Java program.

I've set Tomcat to listen on port 80 and put the directory structure they
want in Tomcat ROOT.  The Java program, running on my node, gets the
letsencrypt authentication token and ftp's it to Tomcat
ROOT/.well-known/acme-challenge, which is the directory structure they
expect.  letsencrypt then authenticates the token which is in Tomcat, by
retrieving it.  The program lets letsencrypt know when the ftp is done.  The
Java program then retrieves the certificate from letsencrypt, puts it in a
keystore, ftp's the keystore to AWS in the directory in which I've set
Tomcat to look for the keystore.  It's all done from the one Java program,
which I can run from my node.  I have yet to incorporate programmatically
inserting the certificate into the keystore.  All the other steps are
working.  It needs testing and doing the update of the certificate, which
is pretty much the same steps as already programmed.

Don

On Fri, Oct 27, 2017 at 7:26 AM, André Warnier (tomcat) <a...@ice-sa.com>
wrote:

On 27.10.2017 13:22, Don Flinn wrote:

I am writing a Java program to get a certificate from letsencrypt, put it
in a keystore and ftp it to my Tomcat 9 or any version running on Amazon Web
Services or any place you can ftp to.  I intended to contribute it to
Tomcat users.  It's about 80% done.  I am able to get the letsencrypt
certificate and do the ftping.  Recent mail indicates that this has
already been done.  If so, how can I get the existing code?  No sense
duplicating existing work.

Indeed.
Searching Google for "tomcat letsencrypt" seems to get a number of hits.
Did you look at them?
(I haven't)



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
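
The token-placement step described in the thread (writing the CA's token under ROOT/.well-known/acme-challenge), as an added example that is not part of the thread or of any poster's program. It treats the token as untrusted input before using it as a file name, and writes to a local temporary directory instead of transferring over FTP. The class and method names, the sample values and the 128-character cap are assumptions of this example; the file body format follows the HTTP-01 challenge in RFC 8555.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Pattern;

public class AcmeChallengeFile {
    // HTTP-01 tokens use only the base64url alphabet (RFC 8555, section 8.3).
    // The 128-character cap is this example's own choice, not part of the RFC.
    private static final Pattern TOKEN = Pattern.compile("[A-Za-z0-9_-]{1,128}");

    /** Writes webRoot/.well-known/acme-challenge/<token>; rejects unsafe input. */
    static Path place(Path webRoot, String token, String keyAuthorization) throws IOException {
        if (token == null || !TOKEN.matcher(token).matches()) {
            throw new IllegalArgumentException("token is not base64url, refusing to use it as a file name");
        }
        // The body the CA expects to fetch is "<token>.<account key thumbprint>".
        if (keyAuthorization == null || !keyAuthorization.startsWith(token + ".")) {
            throw new IllegalArgumentException("key authorization does not belong to this token");
        }
        Path dir = webRoot.resolve(".well-known").resolve("acme-challenge")
                          .toAbsolutePath().normalize();
        Path file = dir.resolve(token).normalize();
        if (!dir.equals(file.getParent())) { // defence in depth against path traversal
            throw new IllegalArgumentException("resolved path escapes the challenge directory");
        }
        Files.createDirectories(dir);
        return Files.write(file, keyAuthorization.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("tomcat-ROOT"); // stand-in for Tomcat's ROOT webapp
        String token = "constructedTokenAbc123_-";            // constructed sample values
        String keyAuth = token + ".constructedThumbprintXyz789";
        Path written = place(root, token, keyAuth);
        System.out.println("wrote " + root.relativize(written));
        // Constructed hostile or malformed tokens: each must be refused.
        for (String bad : new String[] {"../../conf/server.xml", "a/b", "", "tok en"}) {
            try {
                place(root, bad, bad + ".x");
                System.out.println("ACCEPTED (unexpected): " + bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected \"" + bad + "\": " + e.getMessage());
            }
        }
    }
}
```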