Hello Pierre, Yes, I contacted the technical support at GoDaddy and then basically told me that I'm on my own and that I should find someone that knows how to handle the configuration -- that's all the aid they gave me.
I think that there two separate problems here. First one, the mismatch between the files I receive zipped and the ones referred in the website when it reads: "The file names for your root and intermediate certificates depend on your signature algorithm. - SHA-1 root certificate: gd_class2_root.crt - SHA-2 root certificate: gdroot-g2.crt - SHA-1 intermediate certificate: gd.intermediate.crt - SHA-2 intermediate certificate: gdig2.crt - (*Java 6/7 only*) SHA-2 Root Certificate: gdroot-g2_cross.crt" But the files I get when I unzip the downloaded archive are: my_certificate.crt gd_bundle-g2-g1.crt gdig2.crt So first thing here is that I don't how to use them when following the instructions stated on the site (the only one I can identify is my_certificate.crt). With the second issue my guess is that it might be related to the KeyStore file not holding the private key: I wasn't given the original tomcat.keystore file (following the example on GoDaddy's website) so here I'm starting from the scratch, generating a new KeyStore. What I have though is a PEM file from the person I presume the .csr request file; is there a way to add it to the KeyStore file I create when following the instructions on GoDaddy's site? Thank you very much for stepping in! -Conor On Fri, Jun 3, 2016 at 6:09 PM, Hardibo Pierre-Jean <cont...@hardibopj.com> wrote: > there's all here no ? > > https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239 > > Le 03/06/2016 22:37, Conor Skyler a écrit : > >> Hi again, >> >> At this point I don't know what else to try: I carefully gone through the >> process stated at GoDaddy's website once again trying different >> combinations with the certificates (as the instructions provided by >> GoDaddy >> doesn't match the certificates you download) but the result was the same >> as before, it didn't work. >> >> Early today I found this post in StackOverflow: >> >> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr >> which somehow brought some hope to me as the title states literally the >> issue I'm having: ' >> >> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt >> ' >> >> Sadly after trying everything what's shown there and reading tons of stuff >> I still can't make the KeyStore work with my Tomcat server. >> >> Any help will be greatly appreciated. >> -Conor >> >> >> >> On Wed, Jun 1, 2016 at 6:12 PM, Conor Skyler <conorsky...@gmail.com> >> wrote: >> >> Hi Daniel, >>> >>> Thank you very much for stepping in, I’m processing a new set of >>> certificates that I hope to try tomorrow. >>> >>> Warm regards, >>> -Conor >>> >>> >>> On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa <dmik...@pivotal.io> >>> wrote: >>> >>> On Mon, May 30, 2016 at 11:26 PM, Conor Skyler <conorsky...@gmail.com> >>>> wrote: >>>> >>>> Hello list, >>>>> >>>>> I'm trying to install the certificates I bought from GoDaddy into my >>>>> >>>> Tomcat >>>> >>>>> server, however so far I've been unsuccessful to achieve this. >>>>> >>>>> My system specs are: >>>>> OS: Amazon Linux (fully updated) >>>>> Tomcat version: 8.0.32, installed from the repos >>>>> Java version: $ java -version >>>>> openjdk version "1.8.0_91" >>>>> OpenJDK Runtime Environment (build 1.8.0_91-b14) >>>>> OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode) >>>>> >>>>> To install the certificates I followed this tutorial from GoDaddy >>>>> >>>> website: >>>> >>>>> >>>>> >>>> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239 >>>> >>>>> which explains how to create a KeyStore and configure the <Connector> >>>>> in >>>>> the server.xml file. >>>>> >>>>> Follow these instructions. >>>> >>>> >>>> Now, judging from the official Tomcat documentation in >>>>> https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated >>>>> >>>> that I >>>> >>>>> first need to conver the .crt files provided by GoDaddy to PKCS12 >>>>> >>>> format -- >>>> >>>>> I wonder then why the instructions in GoDaddy's website state other >>>>> >>>> thing! >>>> There's more than one way to do this. If you started out by following >>>> the >>>> GoDaddy instructions to generate your CSR, then continue to follow them >>>> to >>>> import your signed certificate. >>>> >>>> >>>> But then I read this piece of documentation that left me completely >>>>> bewildered: >>>>> To import an existing certificate signed by your own CA into a PKCS12 >>>>> keystore using OpenSSL you would execute a command like: >>>>> >>>>> openssl pkcs12 -export -in mycert.crt -inkey mykey.key >>>>> -out mycert.p12 -name tomcat -CAfile myCA.crt >>>>> -caname root -chain >>>>> >>>>> In this example there's a reference to a 'mykey.key' file that I don't >>>>> have a clue how to obtain it or from where it comes since when I >>>>> download the certificates provided by GoDaddy, there's no such .key >>>>> file: I can download several different types of certificates in .crt >>>>> format but there isn't any .key file to download. >>>>> >>>>> This has to do with the way that you generated the CSR. The GoDaddy >>>> instructions have you using keytool and a keystore. In this case, your >>>> private key will exist in the keystore, so you won't have a .key file >>>> and >>>> that's OK. >>>> >>>> >>>> I tried contacting their support and well, they weren't any helpful at >>>>> all, they pointed me to the repository where all the certificates are >>>>> stored and told me to 'find someone that knows how to handle them' -- >>>>> thanks for nothing :( >>>>> >>>>> Finally I want to say that I have Tomcat running smooth at port 8080, >>>>> I even configured an administrator user to access the status page >>>>> which works perfectly, my problem is that I just can't find how to >>>>> properly install and configure the SSL. >>>>> >>>>> Follow the GoDaddy instructions. They should work. If you get stuck >>>> on a >>>> specific step, let us know. >>>> >>>> Dan >>>> >>>> >>>> What I'm not sure though is what part or steps I'm missing, I believe >>>>> this has to be much more simpler that it's been so far for me but >>>>> seriously I can't wrap my mind around it. >>>>> >>>>> Thank you very much for taking the time to read this n00b's help >>>>> scream. >>>>> >>>>> Best regards, >>>>> -Conor >>>>> >>>>> >>> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
