Re: Let's Encrypt cert worked fine in 8.5.57, but connector fails in 8.5.40

Thu, 06 Aug 2020 12:20:38 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

James,

On 8/6/20 14:10, James H. H. Lampert wrote:
> On 8/6/20 9:37 AM, Christopher Schultz wrote:
>> $ openssl pkcs12 -export \ -inkey /etc/tomcat8/test.foo.net.key
>> \ -
>
> Dear Mr. Schultz:
>
> Is there supposed to be something after that last hyphen? When I
> type that command, I just get a terminal window full of helptext.
>
>
> And if I try the second command,
>> $ openssl pkcs12 -export \ -in /etc/tomcat8/test.foo.net.crt \
>> -inkey /etc/tomcat8/test.foo.net.key \ -certfile
>> /etc/tomcat8/test.foo.net.issuer.crt \ -out
>> /etc/tomcat8/test.foo.net.p12 \ -chain
>
> without the first, I get:
>> Error unable to get local issuer certificate getting chain.

The -chain argument doesn't take a filename or anything. It tells
openssl to chain the certs together to make sure everything is okay.

You may not need -chain but I seem to always do it.

My slides for Let's Encrypt + Tomcat say:

$ openssl pkcs12 -export -in [cert] -inkey [key] -certfile [chain]
- -out [p12file]

So maybe you don't need the -chain.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl8sV+gACgkQHPApP6U8
pFgQmBAAvGp6ve2xFrdEUgyH6I2lqrULcct46j+KTrxRRFg9B9hEuAGh6+BclG+3
EF10QmpsOOWm1UChk9J06bCA0QQNxCpY5QrCebHEdGxn8SRct0UeLGFMsTHhli7R
ZrLkTrleOReMzwv++69S+kastreo/TpqziAtDrvMXXmcEo25YEV8ll7RkP+hhxVC
mTnmGjVtjRMOm9Ujj7LYqtRj/A2HLI3BJp5ZJyQAQm4rSZ+kHkVgExlG0LiZjNnI
ZPJGo394JzzrcjK7szbpcWzQlokHmW96a0vPt0k0DokWc2JM0jLS0aKHL2OTdqV9
gPCgeyVRDgVzdqGVjCpubL4H2kRilBc4vo2H2JtTU+bXJfTr59gfsFybGtRjv2US
KZJDeTjqf++LhsVEoRpKSGCKru7aDS89JZ01F9zGkOGk3DTHJjqNv+gz3p3ilmiS
/DF+EE1JnRiIJ7qE89QxBFKOKWz3TJOsDNYf39S931ZkDbi4wuYh15JZE9DSYOrB
5PoDZC8xWL+EBtLUmCTj3fpuwIvHSvo34TNvsgNcdEHtd4P3pSLhBYTeUsqU8dzh
j3GGn9jLI/zdlQH65bcjC7MY28ut0n2kqqnwu/myjzPlKt0B7KSDAVcoXqHRS5WV
0lLPiOCuwYtDLTf55/1/zDqLGEr8tcTb99VeXe+RvPQEKmRfrjA=
=1ZK9
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to