On 04/01/18 05:50, Paul Beard wrote: > > >> On Jan 3, 2018, at 11:33 AM, Christopher Schultz >> <ch...@christopherschultz.net> wrote: >> >> In there, I detail how to put everything together. There is a script >> that builds a Java keystore that Tomcat can use. That script >> demonstrates how to take an existing key+certificate+chain, convert it >> into a Java keystore and then make it active. The script actually >> requests a renewal of the certificate from Let's Encrypt (which may >> say "no renewal required") and then only re-builds the keystore if the >> key/cert have actually changed. > > This looks great but I suspect my problems are more basic, like getting *any* > cert to be honored, even a self-signed one. > > This step — <Connector port=”8443” keystoreFile=”conf/keystore.jks” ... /> — > eludes me. I added that to an existing Connector stanza but I am seeing these > errors which suggests (?) I did that wrong: > > SEVERE: Failed to initialize end point associated with ProtocolHandler > ["http-bio-8443"] > java.io.IOException: Keystore was tampered with, or password was incorrect > > > <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" > keystoreFile="conf/keystore.jks" keystorePass="qwerty" > maxThreads="150" SSLEnabled="true" scheme="https" secure="true" > clientAuth="false" sslProtocol="TLS" /> > > But that seems outside the scope of what I was asking. I’ll take another look > tomorrow…took entirely too long to get the symlink step to word as expected. > Had to change to the conf directory for it to work. Too late in the day for > this to make any sense. > > Thanks for the presentation. I’m sure it will make sense to me eventually.
This might help. https://www.youtube.com/watch?v=I6TbMqH9WFg The complete list of webinars, presentations etc. (many with audio or video) is available here: http://tomcat.apache.org/presentations.html Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
