Chris,

On 8/24/17 5:14 PM, Chris Cheshire wrote:
> On Thu, Aug 24, 2017 at 4:29 PM, Christopher Schultz
> <[email protected]> wrote:
>>
>> Chris,
>>
>> On 8/24/17 4:03 PM, Chris Cheshire wrote:
>>> Cheers :)
>>>
>>> On Thu, Aug 24, 2017 at 3:35 PM, Mark Thomas
>>> <[email protected]> wrote:
>>>
>>>> On 24/08/17 19:50, Chris Cheshire wrote:
>>>>> Currently I am using httpd to handle SSL (because my certs
>>>>> are generated via LE) with all content being passed off to
>>>>> Tomcat 7 (investigating 8.5 upgrade).
>>>>>
>>>>> I had a poke around on the archives and found mention of a
>>>>> talk on it in a conference in Miami.
>>>>>
>>>>> http://tomcat.10.x6.nabble.com/Dynamic-reloading-of-SSL-certificates-tt5059619.html#a5059673
>>>>>
>>>>> Did this happen? I looked in the Tomcat youtube channel
>>>>> and found a handful of videos from there, but nothing on LE.
>>>>> Is it something that is still in the "we'd like to find time
>>>>> to do it, but don't know who or when" phase, or something
>>>>> that is being worked on for Tomcat 9?
>>>>
>>>> We only had video for the final day in Miami. But we have
>>>> audio for the others.
>>>>
>>>> http://tomcat.apache.org/presentations.html
>>
>> There are two items here:
>>
>> 1. Can Tomcat be configured and scripted for LE (pretty easy)
>> 2. Tomcat can (with caveats) reload the certificate store
>>
>> I have not made any progress on #2. The Tomcat/LE presentation in
>> the above link mentions we'll be trying to implement seamless
>> reloading, but it's not done, yet. The presentation shows you how
>> to reload it in a potentially disruptive way (because the
>> connector is stopped and re-started, killing any in-flight
>> requests).
>>
>> So it's not great, but it IS possible.
>>
>> -chris
>
>
> Just finished listening to your audio and following the slides.
> Thank you for making these available.
>
> Tomcat 9.0 supports .pem files, correct? What about 8.5? (I am
> still using 7 and working on upgrading).

Both 8.5 and 9.0 support using PEM files.

> With this support, does this mean we would just reference the
> files certbot produces without repackaging them into a JKS?

Yes, but the connector will still need to be bounced, of course.

-chris
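
Added example, not part of the original thread or the linked presentation: a Tomcat 8.5/9.0 server.xml connector that references certbot's PEM output directly, with no JKS repackaging. The host name example.com, port 8443 and the NIO protocol choice are assumptions; the paths follow certbot's default live directory layout.

```xml
<!-- Assumed values: example.com, port 8443. Adjust to your site. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true">
  <SSLHostConfig>
    <!-- certbot keeps these names stable across renewals (they are
         symlinks), so the config does not change when the cert is
         renewed. The running connector still holds the old cert
         until it is bounced, as noted in the reply above. -->
    <Certificate type="RSA"
                 certificateKeyFile="/etc/letsencrypt/live/example.com/privkey.pem"
                 certificateFile="/etc/letsencrypt/live/example.com/cert.pem"
                 certificateChainFile="/etc/letsencrypt/live/example.com/chain.pem" />
  </SSLHostConfig>
</Connector>
```

The account Tomcat runs as needs read access to privkey.pem; grant it narrowly (for example via a dedicated group) rather than making the key world-readable.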
