> On Jan 3, 2018, at 11:33 AM, Christopher Schultz 
> <ch...@christopherschultz.net> wrote:
> 
> In there, I detail how to put everything together. There is a script
> that builds a Java keystore that Tomcat can use. That script
> demonstrates how to take an existing key+certificate+chain, convert it
> into a Java keystore and then make it active. The script actually
> requests a renewal of the certificate from Let's Encrypt (which may
> say "no renewal required") and then only re-builds the keystore if the
> key/cert have actually changed.

This looks great but I suspect my problems are more basic, like getting *any* 
cert to be honored, even a self-signed one.

This step — <Connector port="8443" keystoreFile="conf/keystore.jks" ... /> — 
eludes me. I added that to an existing Connector stanza but I am seeing these 
errors which suggest (?) I did that wrong:

SEVERE: Failed to initialize end point associated with ProtocolHandler 
["http-bio-8443"]
java.io.IOException: Keystore was tampered with, or password was incorrect


    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
                keystoreFile="conf/keystore.jks"  keystorePass="qwerty"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

But that seems outside the scope of what I was asking. I’ll take another look 
tomorrow…took entirely too long to get the symlink step to work as expected. 
Had to change to the conf directory for it to work. Too late in the day for 
this to make any sense.

Thanks for the presentation. I’m sure it will make sense to me eventually.


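An added example, not part of the original message or of Tomcat: a Python sketch of the JKS load-time integrity check that produces "Keystore was tampered with, or password was incorrect", useful for testing a keystore file and password outside Tomcat. The function names, status strings and the sample password are assumptions made for illustration, and the sample keystore is constructed in the code.

```python
import hashlib
import hmac
import struct
import sys

JKS_MAGIC = 0xFEEDFEED
WHITENER = b"Mighty Aphrodite"  # fixed string mixed into the JKS integrity hash
DIGEST_LEN = 20                 # SHA-1 trailer at the end of every JKS file


def _digest(password: str, body: bytes) -> bytes:
    # SHA-1 over: password as UTF-16BE, the fixed string, then the store body
    return hashlib.sha1(password.encode("utf-16-be") + WHITENER + body).digest()


def build_empty_jks(password: str) -> bytes:
    """Constructed sample: a version-2 JKS holding zero entries."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + _digest(password, body)


def check_jks(data: bytes, password: str) -> str:
    """Classify a keystore blob the way the load-time check would (hypothetical helper)."""
    if len(data) < 12 + DIGEST_LEN:
        return "truncated"
    magic, version = struct.unpack(">II", data[:8])
    if magic != JKS_MAGIC:
        return "not-jks"  # e.g. a PKCS#12 file, which starts with an ASN.1 SEQUENCE (0x30)
    if version not in (1, 2):
        return "unsupported-version"
    body, stored = data[:-DIGEST_LEN], data[-DIGEST_LEN:]
    if hmac.compare_digest(_digest(password, body), stored):
        return "ok"
    # Wrong password and modified file are indistinguishable: same digest mismatch
    return "bad-password-or-modified"


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <keystore path> <password>
        with open(sys.argv[1], "rb") as fh:
            print(check_jks(fh.read(), sys.argv[2]))
    else:
        sample = build_empty_jks("example-pass")  # constructed sample input
        print(check_jks(sample, "example-pass"), check_jks(sample, "qwerty"))
```
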