
List:       tomcat-user
Subject:    Re: Wildcard certificates
From:       John Dale <jcdwrrc () gmail ! com>
Date:       2019-04-18 13:29:13
Message-ID: CAN9Wfx1axEUdWsx5EW9E6ZLCiiie3EL56nOpnbnydX247+SS+w () mail ! gmail ! com

Here is a mostly manual process for integration of certbot with tomcat
7.x.x.  This presupposes you have certbot installed and working (I'm
using Debian):
--------------------------------------------------------------------------------------

# generate the certificates (certbot prompts for the domain list when -d is not given)
./certbot-auto certonly --webroot -w /path/to/certbotauth/

# paste in at the prompt
domain1.com domain2.com domain3.com domainN.com

# change into the directory where certbot placed the live cert for the primary domain
cd /etc/letsencrypt/live/primarydomain.com/

# convert key format: bundle private key, leaf cert and chain into one PKCS12 file
openssl pkcs12 -export -out bundlename-bundle.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:keystorepass

# copy the bundle into Tomcat's conf directory and change permissions
cp bundlename-bundle.pfx /pathtotomcat/apache-tomcat-7.x.x/conf/


Here is what I'm using to handle the certbot challenge in my custom MVC:
--------------------------------------------------------------------------------------------------

            String pathInfo = request.getPathInfo();
            if(pathInfo != null && pathInfo.startsWith("/.well-known/acme-challenge/"))
            {
                // certbot request
                // todo - further validate authenticity of request
                // example: /.well-known/acme-challenge/Z9kDHD-PDvjAPT6pUaeGCoNP2f-GNoLFpXOKoAA_58k
                String certAuthRoot = "certbot/auth/folder/path";
                log.info("Cert bot challenge detected.");
                // canonicalise both paths so a request containing ".." cannot escape the challenge folder
                File root = new File(certAuthRoot).getCanonicalFile();
                File file = new File(certAuthRoot + pathInfo).getCanonicalFile();
                if(!file.getPath().startsWith(root.getPath() + File.separator) || !file.isFile())
                {
                    response.sendError(HttpServletResponse.SC_NOT_FOUND);
                    return;
                }
                response.setContentType("text/plain");
                FileInputStream fis = new FileInputStream(file);
                try
                {
                    OutputStream os = response.getOutputStream();
                    byte[] buf = new byte[4096];
                    int n;
                    while((n = fis.read(buf)) != -1)
                    {
                        os.write(buf, 0, n);
                    }
                    os.flush();
                }
                finally
                {
                    // close the file even if the client disconnects mid-write
                    fis.close();
                }
                return;
            }

Hope this helps,

John


On 4/17/19, Sean Dawson <seandawson2015@gmail.com> wrote:
> On Wed, Apr 17, 2019 at 9:20 AM Sean Dawson <seandawson2015@gmail.com>
> wrote:
>
>>
>> Hello, I have a wildcard certificate from GoDaddy. Can I use this with
>> Tomcat? (8.5)
>>
>> I have the files crt (primary certificate?), p7b (intermediate?), pfx
>> (private key?), and a .key file. I did not generate a certificate request
>> prior to this.
>>
>> Google is telling me that either I need to generate a certificate request
>> first, or it's telling me everything I need to know about wildcard
>> certificates except how to use the above files.
>>
>> This is for Tomcat 8.5 with Java 8 on CentOS 7, and Windows Server 2016.
>>
>> Thank you.
>>
>>
> Ok just for others' benefit if they want to go this way, I was able to get
> it working by concatenating the .key and the .crt file into one .pem. Then
> do this:
>
> openssl pkcs12 -export -in combined.pem -out cert.p12
>
> And then this:
>
> keytool -importkeystore -srckeystore cert.p12 -srcstoretype pkcs12
> -destkeystore cert.jks
>
> (from this page:
> https://stackoverflow.com/questions/22296312/convert-certificate-from-pem-into-jks
> )
>
> Sorry for the earlier top posting.
>
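Neither message shows the last step, pointing Tomcat at the bundle that was copied into conf/. The Connector below is an added example, not part of John's or Sean's messages: it assumes the Tomcat 7 JSSE HTTP/1.1 connector, the file name bundlename-bundle.pfx and the export password keystorepass used in the procedure above, and a server listening on 8443.

```xml
<!-- server.xml, inside <Service>: HTTPS connector backed by the PKCS12 bundle -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11Protocol"
           SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="${catalina.base}/conf/bundlename-bundle.pfx"
           keystoreType="PKCS12"
           keystorePass="keystorepass"
           clientAuth="false"
           sslProtocol="TLS" />
```

For Sean's JKS route the same element works with keystoreType="JKS" and keystoreFile pointing at cert.jks. The export password ends up in cleartext in server.xml, so restrict read permissions on both server.xml and the .pfx to the Tomcat service account, and note that a renewed certbot certificate only takes effect after the PKCS12 file is regenerated and Tomcat 7 is restarted.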

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
