Hi,

Wouldn’t this setup be easier to deploy as a Docker container?
We have an image with SSL server cert support:
https://github.com/AtomGraph/letsencrypt-tomcat


On Mon, 18 Jul 2022 at 16.09, Aryeh Friedman <aryeh.fried...@gmail.com>
wrote:

> Here are the steps to installing an SSL cert (it varies slightly based
> on who your certificate authority [CA] is):
>
> Generate a CSR with keytool (it must be keytool despite what the
> tomcat docs say since for whatever reason it refuses to import from
> any other SSL tool):
>
> keytool -keystore clientkeystore -genkey -alias mykey
>
> Submit the above to your CA (they will give you directions on how to
> submit it) and have them issue a signed cert for it
>
> The signed cert usually comes with some intermediate files (this is
> the part that varies by CA) which you have to apply in order to the
> keystore (the following is the set of files I use):
>
> keytool -noprompt -importcert -alias AAACertificateServices -file
> AAACertificateServices.crt -keystore sslStore
>
> keytool -importcert -trustcacerts -keystore sslStore -file
> USERTrustRSAAAACA.crt -alias USERTrustRSAAAACA
>
> keytool -importcert -trustcacerts -keystore sslStore -file
> /SectigoRSAOrganizationValidationSecureServerCA.crt -alias
> SectigoRSAOrganizationValidationSecureServerCA
>
> keytool -importcert -trustcacerts -alias mykey
>                 -file 1008013344repl_2.crt -keystore sslStore
> (this alias *MUST* match the alias of the CSR you submitted to the CA)
>
> Modify the tomcat server.xml to uncomment out the right https line in
> the config and tell it where to find the sslStore (some OS's force you
> to put it in $TOMCAT_HOME)... for example I do the following:
>
> <Connector
>            protocol="org.apache.coyote.http11.Http11NioProtocol"
>            port="443" maxThreads="200"
>            scheme="https" secure="true" SSLEnabled="true"
>            keystoreFile="/usr/local/apache-tomcat-9.0/keystore"
>            keystorePass="mySuperSecretPassword"
>            clientAuth="false" sslProtocol="TLS"
>            sslEnabledProtocols="TLSv1.2"/>
>
> Restart tomcat and you should have SSL now if you go to https; if you
> are on port 8080 you will likely want to put in 8443, not 443
>
>
> References:
> https://docs.oracle.com/cd/E19509-01/820-3503/ggezu/index.html
>
>
> On Mon, Jul 18, 2022 at 8:11 AM Jasmin Ćatić <jasmin.cati...@gmail.com>
> wrote:
> >
> > Now I have another setback.
> > I have my tomcat running on the domain name www.mydomain.com and I have an
> > SSL certificate on this domain (CA_BUNDLE, Certificate and Key) in my
> > CPanel.
> > How to configure Tomcat to use this SSL and HTTPS protocol.
> >
> > Thanks again for your help
> >
> > On Mon, 18 Jul 2022 at 08:24, Jasmin Ćatić <jasmin.cati...@gmail.com>
> > wrote:
> >
> > > Thank you very much. I have done it successfully.
> > > Best regards
> > > JC
> > >
> > > On Sun, 17 Jul 2022 at 09:08, Thomas Hoffmann (Speed4Trade GmbH)
> > > <thomas.hoffm...@speed4trade.com.invalid> wrote:
> > >
> > >> Hello,
> > >>
> > >> > -----Original Message-----
> > >> > From: Aryeh Friedman <aryeh.fried...@gmail.com>
> > >> > Sent: Sunday, 17 July 2022 08:43
> > >> > To: Tomcat Users List <users@tomcat.apache.org>
> > >> > Subject: Re: Publishing Tomcat webapp
> > >> >
> > >> > On Sun, Jul 17, 2022 at 2:39 AM Aryeh Friedman
> > >> > <aryeh.fried...@gmail.com>
> > >> > wrote:
> > >> > > Once you have it pointing to that domain just upload the war file to
> > >> > > it and give people the link.
> > >> >
> > >> > Small wording correction... I mean upload the war file as being a part
> > >> > of the webapp and/or a part of another webapp you have for downloading...
> > >> > take a look at the download section of the site I list in my signature.
> > >> >
> > >> > --
> > >> > Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
> > >>
> > >> Usually you need 2 things:
> > >> 1) A webserver or webspace. This includes a public IP address
> > >> 2) A domain. You can buy it online.
> > >>
> > >> When you own a domain, you have access to the DNS settings. Create an
> > >> A-Record with the domain-name and point it to the IP address of your server.
> > >> If an A-record already exists, modify it to point to the IP address of
> > >> the server.
> > >>
> > >> Install tomcat on the webserver and install your web-application.
> > >> Tomcat listens per default on all ports, so no special configuration
> > >> needed (only if you host multiple domains on that server).
> > >>
> > >
>
>
>
> --
> Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
>

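An added example, not part of the thread and not Tomcat's own code: a small audit of the `<Connector>` quoted above that checks the keystore the connector points at actually exists, that neither the keystore nor the `server.xml` holding `keystorePass` is readable beyond its owner, and that no pre-TLSv1.2 protocol is enabled. The minimal `server.xml` wrapper, the function names and the finding codes are assumptions made for illustration, and `keystoreFile` is assumed to be an absolute path.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from the message inside a minimal server.xml.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
             port="443" maxThreads="200"
             scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="/usr/local/apache-tomcat-9.0/keystore"
             keystorePass="mySuperSecretPassword"
             clientAuth="false" sslProtocol="TLS"
             sslEnabledProtocols="TLSv1.2"/>
</Service></Server>"""

OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def loose_mode(path):
    """True if group or others hold any permission bit on path."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def audit_connectors(xml_text, server_xml_path=None):
    """Return (port, code, detail) findings for each SSL-enabled Connector."""
    out = []
    for c in ET.fromstring(xml_text).iter("Connector"):
        if c.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors are out of scope here
        port = c.get("port", "?")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            out.append((port, "SCHEME", "scheme/secure do not mark the connector as https"))
        protos = {p.strip() for p in c.get("sslEnabledProtocols", "").split(",") if p.strip()}
        if not protos:
            out.append((port, "PROTO_DEFAULT", "sslEnabledProtocols unset, JVM defaults apply"))
        elif protos & OLD_PROTOCOLS:
            out.append((port, "PROTO_OLD", ",".join(sorted(protos & OLD_PROTOCOLS))))
        store = c.get("keystoreFile")  # assumption: absolute path
        if not store or not os.path.isfile(store):
            out.append((port, "KEYSTORE_MISSING", str(store)))
        elif loose_mode(store):
            out.append((port, "KEYSTORE_MODE", "keystore readable beyond its owner"))
        if c.get("keystorePass") is not None and server_xml_path and loose_mode(server_xml_path):
            out.append((port, "PASS_EXPOSED", "server.xml holds keystorePass and is readable beyond its owner"))
    return out

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(*finding, sep="\t")
```

A `KEYSTORE_MISSING` finding is what you would see if the certificates were imported into one file (`sslStore` in the commands above) while `keystoreFile` names another.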