On Thu, Aug 24, 2017 at 4:29 PM, Christopher Schultz <[email protected]> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Chris,
>
> On 8/24/17 4:03 PM, Chris Cheshire wrote:
> > Cheers :)
> >
> > On Thu, Aug 24, 2017 at 3:35 PM, Mark Thomas <[email protected]> wrote:
> >
> >> On 24/08/17 19:50, Chris Cheshire wrote:
> >>> Currently I am using httpd to handle SSL (because my certs are
> >>> generated via LE) with all content being passed off to Tomcat 7
> >>> (investigating 8.5 upgrade).
> >>>
> >>> I had a poke around on the archives and found mention of a talk
> >>> on it in a conference in Miami.
> >>>
> >>> http://tomcat.10.x6.nabble.com/Dynamic-reloading-of-SSL-certificates-tt5059619.html#a5059673
> >>>
> >>> Did this happen? I looked in the Tomcat youtube channel and
> >>> found a handful of videos from there, but nothing on LE. Is it
> >>> something that is still in the "we'd like to find time to do it,
> >>> but don't know who or when" phase, or something that is being
> >>> worked on for Tomcat 9?
> >>
> >> We only had video for the final day in Miami. But we have audio
> >> for the others.
> >>
> >> http://tomcat.apache.org/presentations.html
>
> There are two items here:
>
> 1. Can Tomcat be configured and scripted for LE (pretty easy)
> 2. Tomcat can (with caveats) reload the certificate store
>
> I have not made any progress on #2. The Tomcat/LE presentation in the
> above link mentions we'll be trying to implement seamless reloading,
> but it's not done, yet. The presentation shows you how to reload it in
> a potentially disruptive way (because the connector is stopped and
> re-started, killing any in-flight requests).
>
> So it's not great, but it IS possible.
>
> - -chris

Just finished listening to your audio and following the slides. Thank you for making these available.

Tomcat 9.0 supports .pem files, correct? What about 8.5? (I am still using 7 and working on upgrading). With this support, does this mean we would just reference the files certbot produces without repackaging them into a JKS?

Chris
