Yes, that was the conclusion reached also by the other ml members.

Thanks to everyone!


On 03-Jun-25 17:54, Mark Thomas wrote:
On 03/06/2025 16:29, Ivano Luberti wrote:
Because the contexts (webapps) in this instance can serve requests from different domains.

https://domain1/context1

https://domain2/context2

So this is a host environment where you need to add and remove customers each with their own domain?

If that is the case then you will need to code something yourself.

It shouldn't be too hard to code something like the TLSCertificateReloadListener that watches a file and when it sees a change parses the file for a list of domains and then adds/removes them as necessary.

Mark




On 03-Jun-25 15:27, Mark Thomas wrote:
Why do you need to add/remove a certificate?

Mark


On 03/06/2025 09:15, Ivano Luberti wrote:
Hi Mark, the only problem to solve is to avoid a restart upon adding/removal of an SSL certificate.



On 29-May-25 09:38, Mark Thomas wrote:
On 29/05/2025 07:59, Ivano Luberti wrote:
Thanks Chris, yes that's what I tried to explain from the beginning, sorry I wasn't clear enough.

To summarize: there is no solution out of the box, I have to develop something.

I will look into that.

Just out of interest, what problem are you trying to solve? Depending on the problem, there may be other solutions.

Mark


Thanks everyone

On 28-May-25 14:43, Christopher Schultz wrote:
Ivano,

On 5/28/25 4:17 AM, Ivano Luberti wrote:
Thanks for all the responses. I'll try to be clearer.

My server.xml configuration contains a few SSLHostConfig configurations like this


    <SSLHostConfig
        hostName="host domain.it"
        ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA">
        <Certificate
            certificateKeystoreFile="/etc/ssl/LetsEncrypt/host domain.it/host domain.it.pfx"
            certificateKeystorePassword="passwrod"
            certificateKeystoreType="PKCS12"
        />
    </SSLHostConfig>


After certificate renewal, reloading the certificate is no concern.

But if I add (or remove)  a new SSLHostConfig, tomcat needs to be restarted in order to take into account the new configuration.

I would like to know if there is a way to configure tomcat so as to avoid a restart.

Even using a different way to configure tomcat outside of server.xml using a different certificate format or whatever.

Okay, so you don't mean reconfiguring an existing SSLHostConfig. You mean adding a new one (or removing an old one).

You should connect to Tomcat using JMX to see all of the remote-management capabilities it has. You are able to use JMX to create SSLHostConfig settings on the fly, reconfigure connectors, etc. without restarting the JVM.

-chris

On 28-May-25 09:49, Michael Osipov wrote:
On 2025/05/27 20:11:25 Ivano Luberti wrote:
Hi all, is there a way to configure tomcat in order to avoid restart
when I change the list of ssl certificates?

I know how to reload existing certificates, and I do it, but I'm
searching for a way to avoid reloading when I add or remove a certificate.

I'm using Tomcat 9 , but looking for solution also in tomcat 10 or 11.
RTFM: https://tomcat.apache.org/tomcat-11.0-doc/api/org/apache/catalina/security/TLSCertificateReloadListener.html?

Works for me very well.

---------------------------------------------------------------------
To unsubscribe, e-mail:users-unsubscr...@tomcat.apache.org
For additional commands, e-mail:users-h...@tomcat.apache.org




--


dott. Ivano Mario Luberti

Archimede Informatica società cooperativa a r. l.
Via Gereschi 36, 56127 Pisa

tel.: +39 050/580959

web: www.archicoop.it
linkedin: www.linkedin.com/in/ivanoluberti
facebook: www.facebook.com/archimedeinformaticapisa/
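
An added example, not code from this thread or from Apache Tomcat, of the kind of listener Mark describes: on each periodic Server event it re-reads a domain list when the file's modification time changes and registers an SSLHostConfig for every host name the TLS connectors do not yet have. The class name, list path, file format and the TLS_KEYSTORE_PASSWORD variable are assumptions; the block covers additions only, not removals.

```java
// Added example, not Tomcat code. Class name, list path, file format and env var are assumptions.
import java.nio.file.*;
import java.util.*;
import org.apache.catalina.*;
import org.apache.catalina.connector.Connector;
import org.apache.coyote.ProtocolHandler;
import org.apache.coyote.http11.AbstractHttp11Protocol;
import org.apache.juli.logging.*;
import org.apache.tomcat.util.net.*;
public class DomainListListener implements LifecycleListener {
    private static final Log log = LogFactory.getLog(DomainListListener.class);
    // Assumed format: "<hostName> <path to PKCS12 keystore>" per line, '#' starts a comment line.
    private final Path list = Paths.get("/etc/tomcat/tls-domains.txt");
    private long lastSeen = -1;
    @Override
    public void lifecycleEvent(LifecycleEvent event) {
        if (!Lifecycle.PERIODIC_EVENT.equals(event.getType()) || !(event.getLifecycle() instanceof Server)) return;
        try {
            long modified = Files.getLastModifiedTime(list).toMillis();
            if (modified == lastSeen) return; // unchanged since the last successful pass
            Map<String, String> wanted = new LinkedHashMap<>();
            for (String line : Files.readAllLines(list)) {
                String[] f = line.trim().split("\\s+");
                if (f.length == 2 && !f[0].startsWith("#")) wanted.put(f[0].toLowerCase(Locale.ENGLISH), f[1]);
            }
            for (Service service : ((Server) event.getLifecycle()).findServices())
                for (Connector connector : service.findConnectors()) addMissing(connector, wanted);
            lastSeen = modified; // only advance when every connector was processed
        } catch (Exception e) {
            log.warn("TLS domain list not applied; will retry on the next periodic event", e);
        }
    }
    private void addMissing(Connector connector, Map<String, String> wanted) {
        ProtocolHandler handler = connector.getProtocolHandler();
        if (!(handler instanceof AbstractHttp11Protocol) || !((AbstractHttp11Protocol<?>) handler).isSSLEnabled()) return;
        Set<String> present = new HashSet<>();
        for (SSLHostConfig c : handler.findSslHostConfigs()) present.add(c.getHostName());
        for (Map.Entry<String, String> e : wanted.entrySet()) {
            if (present.contains(e.getKey())) continue;
            SSLHostConfig cfg = new SSLHostConfig();
            cfg.setHostName(e.getKey());
            SSLHostConfigCertificate cert = new SSLHostConfigCertificate(cfg, SSLHostConfigCertificate.Type.UNDEFINED);
            cert.setCertificateKeystoreFile(e.getValue());
            cert.setCertificateKeystoreType("PKCS12");
            cert.setCertificateKeystorePassword(System.getenv("TLS_KEYSTORE_PASSWORD")); // keep secrets out of the list file
            cfg.addCertificate(cert);
            handler.addSslHostConfig(cfg, true); // registers the host on the running connector
        }
    }
}
```

The list file decides which keystores the server loads, so it should be writable only by the account that provisions certificates.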
