You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Conor Skyler <co...@gmail.com> on 2016/05/31 03:26:46 UTC
Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32
(Amazon Linux)
Hello list,
I'm trying to install the certificates I bought from GoDaddy into my Tomcat
server, however so far I've been unsuccessful to achieve this.
My system specs are:
OS: Amazon Linux (fully updated)
Tomcat version: 8.0.32, installed from the repos
Java version: $ java -version
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
To install the certificates I followed this tutorial from GoDaddy website:
https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
which explains how to create a KeyStore and configure the <Connector> in
the server.xml file.
Now, judging from the official Tomcat documentation in
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated that I
first need to conver the .crt files provided by GoDaddy to PKCS12 format --
I wonder then why the instructions in GoDaddy's website state other thing!
But then I read this piece of documentation that left me completely
bewildered:
To import an existing certificate signed by your own CA into a PKCS12
keystore using OpenSSL you would execute a command like:
openssl pkcs12 -export -in mycert.crt -inkey mykey.key
-out mycert.p12 -name tomcat -CAfile myCA.crt
-caname root -chain
In this example there's a reference to a 'mykey.key' file that I don't
have a clue how to obtain it or from where it comes since when I
download the certificates provided by GoDaddy, there's no such .key
file: I can download several different types of certificates in .crt
format but there isn't any .key file to download.
I tried contacting their support and well, they weren't any helpful at
all, they pointed me to the repository where all the certificates are
stored and told me to 'find someone that knows how to handle them' --
thanks for nothing :(
Finally I want to say that I have Tomcat running smooth at port 8080,
I even configured an administrator user to access the status page
which works perfectly, my problem is that I just can't find how to
properly install and configure the SSL.
What I'm not sure though is what part or steps I'm missing, I believe
this has to be much more simpler that it's been so far for me but
seriously I can't wrap my mind around it.
Thank you very much for taking the time to read this n00b's help scream.
Best regards,
-Conor
Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32
(Amazon Linux)
Posted by Hardibo Pierre-Jean <co...@hardibopj.com>.
there's the tuto :
https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
use sha2 root and intermediate and for the last use my_certificate
here's the repo :
https://certs.godaddy.com/repository/
Le 04/06/2016 00:18, Hardibo Pierre-Jean a �crit :
> gdig2.crt is intermediate my_certificate must be the last to configure
> so i think bundle may be the root.
>
>
>
> Le 04/06/2016 00:13, Conor Skyler a �crit :
>> Hello Pierre,
>>
>> Yes, I contacted the technical support at GoDaddy and then basically
>> told
>> me that I'm on my own and that I should find someone that knows how to
>> handle the configuration -- that's all the aid they gave me.
>>
>> I think that there two separate problems here.
>> First one, the mismatch between the files I receive zipped and the ones
>> referred in the website when it reads:
>>
>> "The file names for your root and intermediate certificates depend on
>> your
>> signature algorithm.
>>
>> - SHA-1 root certificate: gd_class2_root.crt
>> - SHA-2 root certificate: gdroot-g2.crt
>> - SHA-1 intermediate certificate: gd.intermediate.crt
>> - SHA-2 intermediate certificate: gdig2.crt
>> - (*Java 6/7 only*) SHA-2 Root Certificate: gdroot-g2_cross.crt"
>>
>> But the files I get when I unzip the downloaded archive are:
>>
>> my_certificate.crt
>> gd_bundle-g2-g1.crt
>> gdig2.crt
>>
>> So first thing here is that I don't how to use them when following the
>> instructions stated on the site (the only one I can identify is
>> my_certificate.crt).
>>
>> With the second issue my guess is that it might be related to the
>> KeyStore
>> file not holding the private key:
>> I wasn't given the original tomcat.keystore file (following the
>> example on
>> GoDaddy's website) so here I'm starting from the scratch, generating
>> a new
>> KeyStore.
>> What I have though is a PEM file from the person I presume the .csr
>> request
>> file; is there a way to add it to the KeyStore file I create when
>> following
>> the instructions on GoDaddy's site?
>>
>> Thank you very much for stepping in!
>> -Conor
>>
>>
>>
>> On Fri, Jun 3, 2016 at 6:09 PM, Hardibo Pierre-Jean
>> <co...@hardibopj.com>
>> wrote:
>>
>>> there's all here no ?
>>>
>>> https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
>>>
>>>
>>> Le 03/06/2016 22:37, Conor Skyler a �crit :
>>>
>>>> Hi again,
>>>>
>>>> At this point I don't know what else to try: I carefully gone
>>>> through the
>>>> process stated at GoDaddy's website once again trying different
>>>> combinations with the certificates (as the instructions provided by
>>>> GoDaddy
>>>> doesn't match the certificates you download) but the result was
>>>> the same
>>>> as before, it didn't work.
>>>>
>>>> Early today I found this post in StackOverflow:
>>>>
>>>> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
>>>>
>>>> which somehow brought some hope to me as the title states literally
>>>> the
>>>> issue I'm having: '
>>>>
>>>> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
>>>>
>>>> '
>>>>
>>>> Sadly after trying everything what's shown there and reading tons
>>>> of stuff
>>>> I still can't make the KeyStore work with my Tomcat server.
>>>>
>>>> Any help will be greatly appreciated.
>>>> -Conor
>>>>
>>>>
>>>>
>>>> On Wed, Jun 1, 2016 at 6:12 PM, Conor Skyler <co...@gmail.com>
>>>> wrote:
>>>>
>>>> Hi Daniel,
>>>>> Thank you very much for stepping in, I\u2019m processing a new set of
>>>>> certificates that I hope to try tomorrow.
>>>>>
>>>>> Warm regards,
>>>>> -Conor
>>>>>
>>>>>
>>>>> On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa <dm...@pivotal.io>
>>>>> wrote:
>>>>>
>>>>> On Mon, May 30, 2016 at 11:26 PM, Conor Skyler
>>>>> <co...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>> Hello list,
>>>>>>> I'm trying to install the certificates I bought from GoDaddy
>>>>>>> into my
>>>>>>>
>>>>>> Tomcat
>>>>>>
>>>>>>> server, however so far I've been unsuccessful to achieve this.
>>>>>>>
>>>>>>> My system specs are:
>>>>>>> OS: Amazon Linux (fully updated)
>>>>>>> Tomcat version: 8.0.32, installed from the repos
>>>>>>> Java version: $ java -version
>>>>>>> openjdk version "1.8.0_91"
>>>>>>> OpenJDK Runtime Environment (build 1.8.0_91-b14)
>>>>>>> OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
>>>>>>>
>>>>>>> To install the certificates I followed this tutorial from GoDaddy
>>>>>>>
>>>>>> website:
>>>>>>
>>>>>>>
>>>>>> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
>>>>>>
>>>>>>
>>>>>>> which explains how to create a KeyStore and configure the
>>>>>>> <Connector>
>>>>>>> in
>>>>>>> the server.xml file.
>>>>>>>
>>>>>>> Follow these instructions.
>>>>>>
>>>>>> Now, judging from the official Tomcat documentation in
>>>>>>> https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
>>>>>>>
>>>>>> that I
>>>>>>
>>>>>>> first need to conver the .crt files provided by GoDaddy to PKCS12
>>>>>>>
>>>>>> format --
>>>>>>
>>>>>>> I wonder then why the instructions in GoDaddy's website state other
>>>>>>>
>>>>>> thing!
>>>>>> There's more than one way to do this. If you started out by
>>>>>> following
>>>>>> the
>>>>>> GoDaddy instructions to generate your CSR, then continue to
>>>>>> follow them
>>>>>> to
>>>>>> import your signed certificate.
>>>>>>
>>>>>>
>>>>>> But then I read this piece of documentation that left me completely
>>>>>>> bewildered:
>>>>>>> To import an existing certificate signed by your own CA into a
>>>>>>> PKCS12
>>>>>>> keystore using OpenSSL you would execute a command like:
>>>>>>>
>>>>>>> openssl pkcs12 -export -in mycert.crt -inkey mykey.key
>>>>>>> -out mycert.p12 -name tomcat -CAfile
>>>>>>> myCA.crt
>>>>>>> -caname root -chain
>>>>>>>
>>>>>>> In this example there's a reference to a 'mykey.key' file that I
>>>>>>> don't
>>>>>>> have a clue how to obtain it or from where it comes since when I
>>>>>>> download the certificates provided by GoDaddy, there's no such .key
>>>>>>> file: I can download several different types of certificates in
>>>>>>> .crt
>>>>>>> format but there isn't any .key file to download.
>>>>>>>
>>>>>>> This has to do with the way that you generated the CSR. The
>>>>>>> GoDaddy
>>>>>> instructions have you using keytool and a keystore. In this
>>>>>> case, your
>>>>>> private key will exist in the keystore, so you won't have a .key
>>>>>> file
>>>>>> and
>>>>>> that's OK.
>>>>>>
>>>>>>
>>>>>> I tried contacting their support and well, they weren't any
>>>>>> helpful at
>>>>>>> all, they pointed me to the repository where all the
>>>>>>> certificates are
>>>>>>> stored and told me to 'find someone that knows how to handle
>>>>>>> them' --
>>>>>>> thanks for nothing :(
>>>>>>>
>>>>>>> Finally I want to say that I have Tomcat running smooth at port
>>>>>>> 8080,
>>>>>>> I even configured an administrator user to access the status page
>>>>>>> which works perfectly, my problem is that I just can't find how to
>>>>>>> properly install and configure the SSL.
>>>>>>>
>>>>>>> Follow the GoDaddy instructions. They should work. If you get
>>>>>>> stuck
>>>>>> on a
>>>>>> specific step, let us know.
>>>>>>
>>>>>> Dan
>>>>>>
>>>>>>
>>>>>> What I'm not sure though is what part or steps I'm missing, I
>>>>>> believe
>>>>>>> this has to be much more simpler that it's been so far for me but
>>>>>>> seriously I can't wrap my mind around it.
>>>>>>>
>>>>>>> Thank you very much for taking the time to read this n00b's help
>>>>>>> scream.
>>>>>>>
>>>>>>> Best regards,
>>>>>>> -Conor
>>>>>>>
>>>>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32
(Amazon Linux)
Posted by Hardibo Pierre-Jean <co...@hardibopj.com>.
gdig2.crt is intermediate my_certificate must be the last to configure so i think bundle may be the root.
Le 04/06/2016 00:13, Conor Skyler a �crit :
> Hello Pierre,
>
> Yes, I contacted the technical support at GoDaddy and then basically told
> me that I'm on my own and that I should find someone that knows how to
> handle the configuration -- that's all the aid they gave me.
>
> I think that there two separate problems here.
> First one, the mismatch between the files I receive zipped and the ones
> referred in the website when it reads:
>
> "The file names for your root and intermediate certificates depend on your
> signature algorithm.
>
> - SHA-1 root certificate: gd_class2_root.crt
> - SHA-2 root certificate: gdroot-g2.crt
> - SHA-1 intermediate certificate: gd.intermediate.crt
> - SHA-2 intermediate certificate: gdig2.crt
> - (*Java 6/7 only*) SHA-2 Root Certificate: gdroot-g2_cross.crt"
>
> But the files I get when I unzip the downloaded archive are:
>
> my_certificate.crt
> gd_bundle-g2-g1.crt
> gdig2.crt
>
> So first thing here is that I don't how to use them when following the
> instructions stated on the site (the only one I can identify is
> my_certificate.crt).
>
> With the second issue my guess is that it might be related to the KeyStore
> file not holding the private key:
> I wasn't given the original tomcat.keystore file (following the example on
> GoDaddy's website) so here I'm starting from the scratch, generating a new
> KeyStore.
> What I have though is a PEM file from the person I presume the .csr request
> file; is there a way to add it to the KeyStore file I create when following
> the instructions on GoDaddy's site?
>
> Thank you very much for stepping in!
> -Conor
>
>
>
> On Fri, Jun 3, 2016 at 6:09 PM, Hardibo Pierre-Jean <co...@hardibopj.com>
> wrote:
>
>> there's all here no ?
>>
>> https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
>>
>> Le 03/06/2016 22:37, Conor Skyler a �crit :
>>
>>> Hi again,
>>>
>>> At this point I don't know what else to try: I carefully gone through the
>>> process stated at GoDaddy's website once again trying different
>>> combinations with the certificates (as the instructions provided by
>>> GoDaddy
>>> doesn't match the certificates you download) but the result was the same
>>> as before, it didn't work.
>>>
>>> Early today I found this post in StackOverflow:
>>>
>>> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
>>> which somehow brought some hope to me as the title states literally the
>>> issue I'm having: '
>>>
>>> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
>>> '
>>>
>>> Sadly after trying everything what's shown there and reading tons of stuff
>>> I still can't make the KeyStore work with my Tomcat server.
>>>
>>> Any help will be greatly appreciated.
>>> -Conor
>>>
>>>
>>>
>>> On Wed, Jun 1, 2016 at 6:12 PM, Conor Skyler <co...@gmail.com>
>>> wrote:
>>>
>>> Hi Daniel,
>>>> Thank you very much for stepping in, I\u2019m processing a new set of
>>>> certificates that I hope to try tomorrow.
>>>>
>>>> Warm regards,
>>>> -Conor
>>>>
>>>>
>>>> On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa <dm...@pivotal.io>
>>>> wrote:
>>>>
>>>> On Mon, May 30, 2016 at 11:26 PM, Conor Skyler <co...@gmail.com>
>>>>> wrote:
>>>>>
>>>>> Hello list,
>>>>>> I'm trying to install the certificates I bought from GoDaddy into my
>>>>>>
>>>>> Tomcat
>>>>>
>>>>>> server, however so far I've been unsuccessful to achieve this.
>>>>>>
>>>>>> My system specs are:
>>>>>> OS: Amazon Linux (fully updated)
>>>>>> Tomcat version: 8.0.32, installed from the repos
>>>>>> Java version: $ java -version
>>>>>> openjdk version "1.8.0_91"
>>>>>> OpenJDK Runtime Environment (build 1.8.0_91-b14)
>>>>>> OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
>>>>>>
>>>>>> To install the certificates I followed this tutorial from GoDaddy
>>>>>>
>>>>> website:
>>>>>
>>>>>>
>>>>> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
>>>>>
>>>>>> which explains how to create a KeyStore and configure the <Connector>
>>>>>> in
>>>>>> the server.xml file.
>>>>>>
>>>>>> Follow these instructions.
>>>>>
>>>>> Now, judging from the official Tomcat documentation in
>>>>>> https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
>>>>>>
>>>>> that I
>>>>>
>>>>>> first need to conver the .crt files provided by GoDaddy to PKCS12
>>>>>>
>>>>> format --
>>>>>
>>>>>> I wonder then why the instructions in GoDaddy's website state other
>>>>>>
>>>>> thing!
>>>>> There's more than one way to do this. If you started out by following
>>>>> the
>>>>> GoDaddy instructions to generate your CSR, then continue to follow them
>>>>> to
>>>>> import your signed certificate.
>>>>>
>>>>>
>>>>> But then I read this piece of documentation that left me completely
>>>>>> bewildered:
>>>>>> To import an existing certificate signed by your own CA into a PKCS12
>>>>>> keystore using OpenSSL you would execute a command like:
>>>>>>
>>>>>> openssl pkcs12 -export -in mycert.crt -inkey mykey.key
>>>>>> -out mycert.p12 -name tomcat -CAfile myCA.crt
>>>>>> -caname root -chain
>>>>>>
>>>>>> In this example there's a reference to a 'mykey.key' file that I don't
>>>>>> have a clue how to obtain it or from where it comes since when I
>>>>>> download the certificates provided by GoDaddy, there's no such .key
>>>>>> file: I can download several different types of certificates in .crt
>>>>>> format but there isn't any .key file to download.
>>>>>>
>>>>>> This has to do with the way that you generated the CSR. The GoDaddy
>>>>> instructions have you using keytool and a keystore. In this case, your
>>>>> private key will exist in the keystore, so you won't have a .key file
>>>>> and
>>>>> that's OK.
>>>>>
>>>>>
>>>>> I tried contacting their support and well, they weren't any helpful at
>>>>>> all, they pointed me to the repository where all the certificates are
>>>>>> stored and told me to 'find someone that knows how to handle them' --
>>>>>> thanks for nothing :(
>>>>>>
>>>>>> Finally I want to say that I have Tomcat running smooth at port 8080,
>>>>>> I even configured an administrator user to access the status page
>>>>>> which works perfectly, my problem is that I just can't find how to
>>>>>> properly install and configure the SSL.
>>>>>>
>>>>>> Follow the GoDaddy instructions. They should work. If you get stuck
>>>>> on a
>>>>> specific step, let us know.
>>>>>
>>>>> Dan
>>>>>
>>>>>
>>>>> What I'm not sure though is what part or steps I'm missing, I believe
>>>>>> this has to be much more simpler that it's been so far for me but
>>>>>> seriously I can't wrap my mind around it.
>>>>>>
>>>>>> Thank you very much for taking the time to read this n00b's help
>>>>>> scream.
>>>>>>
>>>>>> Best regards,
>>>>>> -Conor
>>>>>>
>>>>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32
(Amazon Linux)
Posted by Conor Skyler <co...@gmail.com>.
Hello Pierre,
Yes, I contacted the technical support at GoDaddy and then basically told
me that I'm on my own and that I should find someone that knows how to
handle the configuration -- that's all the aid they gave me.
I think that there two separate problems here.
First one, the mismatch between the files I receive zipped and the ones
referred in the website when it reads:
"The file names for your root and intermediate certificates depend on your
signature algorithm.
- SHA-1 root certificate: gd_class2_root.crt
- SHA-2 root certificate: gdroot-g2.crt
- SHA-1 intermediate certificate: gd.intermediate.crt
- SHA-2 intermediate certificate: gdig2.crt
- (*Java 6/7 only*) SHA-2 Root Certificate: gdroot-g2_cross.crt"
But the files I get when I unzip the downloaded archive are:
my_certificate.crt
gd_bundle-g2-g1.crt
gdig2.crt
So first thing here is that I don't how to use them when following the
instructions stated on the site (the only one I can identify is
my_certificate.crt).
With the second issue my guess is that it might be related to the KeyStore
file not holding the private key:
I wasn't given the original tomcat.keystore file (following the example on
GoDaddy's website) so here I'm starting from the scratch, generating a new
KeyStore.
What I have though is a PEM file from the person I presume the .csr request
file; is there a way to add it to the KeyStore file I create when following
the instructions on GoDaddy's site?
Thank you very much for stepping in!
-Conor
On Fri, Jun 3, 2016 at 6:09 PM, Hardibo Pierre-Jean <co...@hardibopj.com>
wrote:
> there's all here no ?
>
> https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
>
> Le 03/06/2016 22:37, Conor Skyler a écrit :
>
>> Hi again,
>>
>> At this point I don't know what else to try: I carefully gone through the
>> process stated at GoDaddy's website once again trying different
>> combinations with the certificates (as the instructions provided by
>> GoDaddy
>> doesn't match the certificates you download) but the result was the same
>> as before, it didn't work.
>>
>> Early today I found this post in StackOverflow:
>>
>> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
>> which somehow brought some hope to me as the title states literally the
>> issue I'm having: '
>>
>> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
>> '
>>
>> Sadly after trying everything what's shown there and reading tons of stuff
>> I still can't make the KeyStore work with my Tomcat server.
>>
>> Any help will be greatly appreciated.
>> -Conor
>>
>>
>>
>> On Wed, Jun 1, 2016 at 6:12 PM, Conor Skyler <co...@gmail.com>
>> wrote:
>>
>> Hi Daniel,
>>>
>>> Thank you very much for stepping in, I’m processing a new set of
>>> certificates that I hope to try tomorrow.
>>>
>>> Warm regards,
>>> -Conor
>>>
>>>
>>> On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa <dm...@pivotal.io>
>>> wrote:
>>>
>>> On Mon, May 30, 2016 at 11:26 PM, Conor Skyler <co...@gmail.com>
>>>> wrote:
>>>>
>>>> Hello list,
>>>>>
>>>>> I'm trying to install the certificates I bought from GoDaddy into my
>>>>>
>>>> Tomcat
>>>>
>>>>> server, however so far I've been unsuccessful to achieve this.
>>>>>
>>>>> My system specs are:
>>>>> OS: Amazon Linux (fully updated)
>>>>> Tomcat version: 8.0.32, installed from the repos
>>>>> Java version: $ java -version
>>>>> openjdk version "1.8.0_91"
>>>>> OpenJDK Runtime Environment (build 1.8.0_91-b14)
>>>>> OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
>>>>>
>>>>> To install the certificates I followed this tutorial from GoDaddy
>>>>>
>>>> website:
>>>>
>>>>>
>>>>>
>>>> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
>>>>
>>>>> which explains how to create a KeyStore and configure the <Connector>
>>>>> in
>>>>> the server.xml file.
>>>>>
>>>>> Follow these instructions.
>>>>
>>>>
>>>> Now, judging from the official Tomcat documentation in
>>>>> https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
>>>>>
>>>> that I
>>>>
>>>>> first need to conver the .crt files provided by GoDaddy to PKCS12
>>>>>
>>>> format --
>>>>
>>>>> I wonder then why the instructions in GoDaddy's website state other
>>>>>
>>>> thing!
>>>> There's more than one way to do this. If you started out by following
>>>> the
>>>> GoDaddy instructions to generate your CSR, then continue to follow them
>>>> to
>>>> import your signed certificate.
>>>>
>>>>
>>>> But then I read this piece of documentation that left me completely
>>>>> bewildered:
>>>>> To import an existing certificate signed by your own CA into a PKCS12
>>>>> keystore using OpenSSL you would execute a command like:
>>>>>
>>>>> openssl pkcs12 -export -in mycert.crt -inkey mykey.key
>>>>> -out mycert.p12 -name tomcat -CAfile myCA.crt
>>>>> -caname root -chain
>>>>>
>>>>> In this example there's a reference to a 'mykey.key' file that I don't
>>>>> have a clue how to obtain it or from where it comes since when I
>>>>> download the certificates provided by GoDaddy, there's no such .key
>>>>> file: I can download several different types of certificates in .crt
>>>>> format but there isn't any .key file to download.
>>>>>
>>>>> This has to do with the way that you generated the CSR. The GoDaddy
>>>> instructions have you using keytool and a keystore. In this case, your
>>>> private key will exist in the keystore, so you won't have a .key file
>>>> and
>>>> that's OK.
>>>>
>>>>
>>>> I tried contacting their support and well, they weren't any helpful at
>>>>> all, they pointed me to the repository where all the certificates are
>>>>> stored and told me to 'find someone that knows how to handle them' --
>>>>> thanks for nothing :(
>>>>>
>>>>> Finally I want to say that I have Tomcat running smooth at port 8080,
>>>>> I even configured an administrator user to access the status page
>>>>> which works perfectly, my problem is that I just can't find how to
>>>>> properly install and configure the SSL.
>>>>>
>>>>> Follow the GoDaddy instructions. They should work. If you get stuck
>>>> on a
>>>> specific step, let us know.
>>>>
>>>> Dan
>>>>
>>>>
>>>> What I'm not sure though is what part or steps I'm missing, I believe
>>>>> this has to be much more simpler that it's been so far for me but
>>>>> seriously I can't wrap my mind around it.
>>>>>
>>>>> Thank you very much for taking the time to read this n00b's help
>>>>> scream.
>>>>>
>>>>> Best regards,
>>>>> -Conor
>>>>>
>>>>>
>>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32
(Amazon Linux)
Posted by Hardibo Pierre-Jean <co...@hardibopj.com>.
there's all here no ?
https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
Le 03/06/2016 22:37, Conor Skyler a �crit :
> Hi again,
>
> At this point I don't know what else to try: I carefully gone through the
> process stated at GoDaddy's website once again trying different
> combinations with the certificates (as the instructions provided by GoDaddy
> doesn't match the certificates you download) but the result was the same
> as before, it didn't work.
>
> Early today I found this post in StackOverflow:
> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
> which somehow brought some hope to me as the title states literally the
> issue I'm having: '
> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
> '
>
> Sadly after trying everything what's shown there and reading tons of stuff
> I still can't make the KeyStore work with my Tomcat server.
>
> Any help will be greatly appreciated.
> -Conor
>
>
>
> On Wed, Jun 1, 2016 at 6:12 PM, Conor Skyler <co...@gmail.com> wrote:
>
>> Hi Daniel,
>>
>> Thank you very much for stepping in, I\u2019m processing a new set of
>> certificates that I hope to try tomorrow.
>>
>> Warm regards,
>> -Conor
>>
>>
>> On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa <dm...@pivotal.io> wrote:
>>
>>> On Mon, May 30, 2016 at 11:26 PM, Conor Skyler <co...@gmail.com>
>>> wrote:
>>>
>>>> Hello list,
>>>>
>>>> I'm trying to install the certificates I bought from GoDaddy into my
>>> Tomcat
>>>> server, however so far I've been unsuccessful to achieve this.
>>>>
>>>> My system specs are:
>>>> OS: Amazon Linux (fully updated)
>>>> Tomcat version: 8.0.32, installed from the repos
>>>> Java version: $ java -version
>>>> openjdk version "1.8.0_91"
>>>> OpenJDK Runtime Environment (build 1.8.0_91-b14)
>>>> OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
>>>>
>>>> To install the certificates I followed this tutorial from GoDaddy
>>> website:
>>>>
>>> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
>>>> which explains how to create a KeyStore and configure the <Connector> in
>>>> the server.xml file.
>>>>
>>> Follow these instructions.
>>>
>>>
>>>> Now, judging from the official Tomcat documentation in
>>>> https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
>>> that I
>>>> first need to conver the .crt files provided by GoDaddy to PKCS12
>>> format --
>>>> I wonder then why the instructions in GoDaddy's website state other
>>> thing!
>>> There's more than one way to do this. If you started out by following the
>>> GoDaddy instructions to generate your CSR, then continue to follow them to
>>> import your signed certificate.
>>>
>>>
>>>> But then I read this piece of documentation that left me completely
>>>> bewildered:
>>>> To import an existing certificate signed by your own CA into a PKCS12
>>>> keystore using OpenSSL you would execute a command like:
>>>>
>>>> openssl pkcs12 -export -in mycert.crt -inkey mykey.key
>>>> -out mycert.p12 -name tomcat -CAfile myCA.crt
>>>> -caname root -chain
>>>>
>>>> In this example there's a reference to a 'mykey.key' file that I don't
>>>> have a clue how to obtain it or from where it comes since when I
>>>> download the certificates provided by GoDaddy, there's no such .key
>>>> file: I can download several different types of certificates in .crt
>>>> format but there isn't any .key file to download.
>>>>
>>> This has to do with the way that you generated the CSR. The GoDaddy
>>> instructions have you using keytool and a keystore. In this case, your
>>> private key will exist in the keystore, so you won't have a .key file and
>>> that's OK.
>>>
>>>
>>>> I tried contacting their support and well, they weren't any helpful at
>>>> all, they pointed me to the repository where all the certificates are
>>>> stored and told me to 'find someone that knows how to handle them' --
>>>> thanks for nothing :(
>>>>
>>>> Finally I want to say that I have Tomcat running smooth at port 8080,
>>>> I even configured an administrator user to access the status page
>>>> which works perfectly, my problem is that I just can't find how to
>>>> properly install and configure the SSL.
>>>>
>>> Follow the GoDaddy instructions. They should work. If you get stuck on a
>>> specific step, let us know.
>>>
>>> Dan
>>>
>>>
>>>> What I'm not sure though is what part or steps I'm missing, I believe
>>>> this has to be much more simpler that it's been so far for me but
>>>> seriously I can't wrap my mind around it.
>>>>
>>>> Thank you very much for taking the time to read this n00b's help scream.
>>>>
>>>> Best regards,
>>>> -Conor
>>>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32
(Amazon Linux)
Posted by Hardibo Pierre-Jean <co...@hardibopj.com>.
godaddy didn't give you instructions ?
Le 03/06/2016 22:37, Conor Skyler a �crit :
> Hi again,
>
> At this point I don't know what else to try: I carefully gone through the
> process stated at GoDaddy's website once again trying different
> combinations with the certificates (as the instructions provided by GoDaddy
> doesn't match the certificates you download) but the result was the same
> as before, it didn't work.
>
> Early today I found this post in StackOverflow:
> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
> which somehow brought some hope to me as the title states literally the
> issue I'm having: '
> http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
> '
>
> Sadly after trying everything what's shown there and reading tons of stuff
> I still can't make the KeyStore work with my Tomcat server.
>
> Any help will be greatly appreciated.
> -Conor
>
>
>
> On Wed, Jun 1, 2016 at 6:12 PM, Conor Skyler <co...@gmail.com> wrote:
>
>> Hi Daniel,
>>
>> Thank you very much for stepping in, I\u2019m processing a new set of
>> certificates that I hope to try tomorrow.
>>
>> Warm regards,
>> -Conor
>>
>>
>> On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa <dm...@pivotal.io> wrote:
>>
>>> On Mon, May 30, 2016 at 11:26 PM, Conor Skyler <co...@gmail.com>
>>> wrote:
>>>
>>>> Hello list,
>>>>
>>>> I'm trying to install the certificates I bought from GoDaddy into my
>>> Tomcat
>>>> server, however so far I've been unsuccessful to achieve this.
>>>>
>>>> My system specs are:
>>>> OS: Amazon Linux (fully updated)
>>>> Tomcat version: 8.0.32, installed from the repos
>>>> Java version: $ java -version
>>>> openjdk version "1.8.0_91"
>>>> OpenJDK Runtime Environment (build 1.8.0_91-b14)
>>>> OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
>>>>
>>>> To install the certificates I followed this tutorial from GoDaddy
>>> website:
>>>>
>>> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
>>>> which explains how to create a KeyStore and configure the <Connector> in
>>>> the server.xml file.
>>>>
>>> Follow these instructions.
>>>
>>>
>>>> Now, judging from the official Tomcat documentation in
>>>> https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
>>> that I
>>>> first need to conver the .crt files provided by GoDaddy to PKCS12
>>> format --
>>>> I wonder then why the instructions in GoDaddy's website state other
>>> thing!
>>> There's more than one way to do this. If you started out by following the
>>> GoDaddy instructions to generate your CSR, then continue to follow them to
>>> import your signed certificate.
>>>
>>>
>>>> But then I read this piece of documentation that left me completely
>>>> bewildered:
>>>> To import an existing certificate signed by your own CA into a PKCS12
>>>> keystore using OpenSSL you would execute a command like:
>>>>
>>>> openssl pkcs12 -export -in mycert.crt -inkey mykey.key
>>>> -out mycert.p12 -name tomcat -CAfile myCA.crt
>>>> -caname root -chain
>>>>
>>>> In this example there's a reference to a 'mykey.key' file that I don't
>>>> have a clue how to obtain it or from where it comes since when I
>>>> download the certificates provided by GoDaddy, there's no such .key
>>>> file: I can download several different types of certificates in .crt
>>>> format but there isn't any .key file to download.
>>>>
>>> This has to do with the way that you generated the CSR. The GoDaddy
>>> instructions have you using keytool and a keystore. In this case, your
>>> private key will exist in the keystore, so you won't have a .key file and
>>> that's OK.
>>>
>>>
>>>> I tried contacting their support and well, they weren't any helpful at
>>>> all, they pointed me to the repository where all the certificates are
>>>> stored and told me to 'find someone that knows how to handle them' --
>>>> thanks for nothing :(
>>>>
>>>> Finally I want to say that I have Tomcat running smooth at port 8080,
>>>> I even configured an administrator user to access the status page
>>>> which works perfectly, my problem is that I just can't find how to
>>>> properly install and configure the SSL.
>>>>
>>> Follow the GoDaddy instructions. They should work. If you get stuck on a
>>> specific step, let us know.
>>>
>>> Dan
>>>
>>>
>>>> What I'm not sure though is what part or steps I'm missing, I believe
>>>> this has to be much more simpler that it's been so far for me but
>>>> seriously I can't wrap my mind around it.
>>>>
>>>> Thank you very much for taking the time to read this n00b's help scream.
>>>>
>>>> Best regards,
>>>> -Conor
>>>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32
(Amazon Linux)
Posted by Conor Skyler <co...@gmail.com>.
Hi again,
At this point I don't know what else to try: I carefully gone through the
process stated at GoDaddy's website once again trying different
combinations with the certificates (as the instructions provided by GoDaddy
doesn't match the certificates you download) but the result was the same
as before, it didn't work.
Early today I found this post in StackOverflow:
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
which somehow brought some hope to me as the title states literally the
issue I'm having: '
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
'
Sadly after trying everything what's shown there and reading tons of stuff
I still can't make the KeyStore work with my Tomcat server.
Any help will be greatly appreciated.
-Conor
On Wed, Jun 1, 2016 at 6:12 PM, Conor Skyler <co...@gmail.com> wrote:
> Hi Daniel,
>
> Thank you very much for stepping in, I’m processing a new set of
> certificates that I hope to try tomorrow.
>
> Warm regards,
> -Conor
>
>
> On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa <dm...@pivotal.io> wrote:
>
>> On Mon, May 30, 2016 at 11:26 PM, Conor Skyler <co...@gmail.com>
>> wrote:
>>
>> > Hello list,
>> >
>> > I'm trying to install the certificates I bought from GoDaddy into my
>> Tomcat
>> > server, however so far I've been unsuccessful to achieve this.
>> >
>> > My system specs are:
>> > OS: Amazon Linux (fully updated)
>> > Tomcat version: 8.0.32, installed from the repos
>> > Java version: $ java -version
>> > openjdk version "1.8.0_91"
>> > OpenJDK Runtime Environment (build 1.8.0_91-b14)
>> > OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
>> >
>> > To install the certificates I followed this tutorial from GoDaddy
>> website:
>> >
>> >
>> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
>> > which explains how to create a KeyStore and configure the <Connector> in
>> > the server.xml file.
>> >
>>
>> Follow these instructions.
>>
>>
>> >
>> > Now, judging from the official Tomcat documentation in
>> > https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
>> that I
>> > first need to conver the .crt files provided by GoDaddy to PKCS12
>> format --
>> > I wonder then why the instructions in GoDaddy's website state other
>> thing!
>> >
>>
>> There's more than one way to do this. If you started out by following the
>> GoDaddy instructions to generate your CSR, then continue to follow them to
>> import your signed certificate.
>>
>>
>> >
>> > But then I read this piece of documentation that left me completely
>> > bewildered:
>> > To import an existing certificate signed by your own CA into a PKCS12
>> > keystore using OpenSSL you would execute a command like:
>> >
>> > openssl pkcs12 -export -in mycert.crt -inkey mykey.key
>> > -out mycert.p12 -name tomcat -CAfile myCA.crt
>> > -caname root -chain
>> >
>> > In this example there's a reference to a 'mykey.key' file that I don't
>> > have a clue how to obtain it or from where it comes since when I
>> > download the certificates provided by GoDaddy, there's no such .key
>> > file: I can download several different types of certificates in .crt
>> > format but there isn't any .key file to download.
>> >
>>
>> This has to do with the way that you generated the CSR. The GoDaddy
>> instructions have you using keytool and a keystore. In this case, your
>> private key will exist in the keystore, so you won't have a .key file and
>> that's OK.
>>
>>
>> >
>> > I tried contacting their support and well, they weren't any helpful at
>> > all, they pointed me to the repository where all the certificates are
>> > stored and told me to 'find someone that knows how to handle them' --
>> > thanks for nothing :(
>> >
>> > Finally I want to say that I have Tomcat running smooth at port 8080,
>> > I even configured an administrator user to access the status page
>> > which works perfectly, my problem is that I just can't find how to
>> > properly install and configure the SSL.
>> >
>>
>> Follow the GoDaddy instructions. They should work. If you get stuck on a
>> specific step, let us know.
>>
>> Dan
>>
>>
>> >
>> > What I'm not sure though is what part or steps I'm missing, I believe
>> > this has to be much more simpler that it's been so far for me but
>> > seriously I can't wrap my mind around it.
>> >
>> > Thank you very much for taking the time to read this n00b's help scream.
>> >
>> > Best regards,
>> > -Conor
>> >
>>
>
>
Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32
(Amazon Linux)
Posted by Conor Skyler <co...@gmail.com>.
Hi Daniel,
Thank you very much for stepping in, I’m processing a new set of
certificates that I hope to try tomorrow.
Warm regards,
-Conor
On Tue, May 31, 2016 at 8:41 AM, Daniel Mikusa <dm...@pivotal.io> wrote:
> On Mon, May 30, 2016 at 11:26 PM, Conor Skyler <co...@gmail.com>
> wrote:
>
> > Hello list,
> >
> > I'm trying to install the certificates I bought from GoDaddy into my
> Tomcat
> > server, however so far I've been unsuccessful to achieve this.
> >
> > My system specs are:
> > OS: Amazon Linux (fully updated)
> > Tomcat version: 8.0.32, installed from the repos
> > Java version: $ java -version
> > openjdk version "1.8.0_91"
> > OpenJDK Runtime Environment (build 1.8.0_91-b14)
> > OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
> >
> > To install the certificates I followed this tutorial from GoDaddy
> website:
> >
> >
> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
> > which explains how to create a KeyStore and configure the <Connector> in
> > the server.xml file.
> >
>
> Follow these instructions.
>
>
> >
> > Now, judging from the official Tomcat documentation in
> > https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
> that I
> > first need to conver the .crt files provided by GoDaddy to PKCS12 format
> --
> > I wonder then why the instructions in GoDaddy's website state other
> thing!
> >
>
> There's more than one way to do this. If you started out by following the
> GoDaddy instructions to generate your CSR, then continue to follow them to
> import your signed certificate.
>
>
> >
> > But then I read this piece of documentation that left me completely
> > bewildered:
> > To import an existing certificate signed by your own CA into a PKCS12
> > keystore using OpenSSL you would execute a command like:
> >
> > openssl pkcs12 -export -in mycert.crt -inkey mykey.key
> > -out mycert.p12 -name tomcat -CAfile myCA.crt
> > -caname root -chain
> >
> > In this example there's a reference to a 'mykey.key' file that I don't
> > have a clue how to obtain it or from where it comes since when I
> > download the certificates provided by GoDaddy, there's no such .key
> > file: I can download several different types of certificates in .crt
> > format but there isn't any .key file to download.
> >
>
> This has to do with the way that you generated the CSR. The GoDaddy
> instructions have you using keytool and a keystore. In this case, your
> private key will exist in the keystore, so you won't have a .key file and
> that's OK.
>
>
> >
> > I tried contacting their support and well, they weren't any helpful at
> > all, they pointed me to the repository where all the certificates are
> > stored and told me to 'find someone that knows how to handle them' --
> > thanks for nothing :(
> >
> > Finally I want to say that I have Tomcat running smooth at port 8080,
> > I even configured an administrator user to access the status page
> > which works perfectly, my problem is that I just can't find how to
> > properly install and configure the SSL.
> >
>
> Follow the GoDaddy instructions. They should work. If you get stuck on a
> specific step, let us know.
>
> Dan
>
>
> >
> > What I'm not sure though is what part or steps I'm missing, I believe
> > this has to be much more simpler that it's been so far for me but
> > seriously I can't wrap my mind around it.
> >
> > Thank you very much for taking the time to read this n00b's help scream.
> >
> > Best regards,
> > -Conor
> >
>
Re: Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32
(Amazon Linux)
Posted by Daniel Mikusa <dm...@pivotal.io>.
On Mon, May 30, 2016 at 11:26 PM, Conor Skyler <co...@gmail.com>
wrote:
> Hello list,
>
> I'm trying to install the certificates I bought from GoDaddy into my Tomcat
> server, however so far I've been unsuccessful to achieve this.
>
> My system specs are:
> OS: Amazon Linux (fully updated)
> Tomcat version: 8.0.32, installed from the repos
> Java version: $ java -version
> openjdk version "1.8.0_91"
> OpenJDK Runtime Environment (build 1.8.0_91-b14)
> OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
>
> To install the certificates I followed this tutorial from GoDaddy website:
>
> https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
> which explains how to create a KeyStore and configure the <Connector> in
> the server.xml file.
>
Follow these instructions.
>
> Now, judging from the official Tomcat documentation in
> https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated that I
> first need to conver the .crt files provided by GoDaddy to PKCS12 format --
> I wonder then why the instructions in GoDaddy's website state other thing!
>
There's more than one way to do this. If you started out by following the
GoDaddy instructions to generate your CSR, then continue to follow them to
import your signed certificate.
>
> But then I read this piece of documentation that left me completely
> bewildered:
> To import an existing certificate signed by your own CA into a PKCS12
> keystore using OpenSSL you would execute a command like:
>
> openssl pkcs12 -export -in mycert.crt -inkey mykey.key
> -out mycert.p12 -name tomcat -CAfile myCA.crt
> -caname root -chain
>
> In this example there's a reference to a 'mykey.key' file that I don't
> have a clue how to obtain it or from where it comes since when I
> download the certificates provided by GoDaddy, there's no such .key
> file: I can download several different types of certificates in .crt
> format but there isn't any .key file to download.
>
This has to do with the way that you generated the CSR. The GoDaddy
instructions have you using keytool and a keystore. In this case, your
private key will exist in the keystore, so you won't have a .key file and
that's OK.
>
> I tried contacting their support and well, they weren't any helpful at
> all, they pointed me to the repository where all the certificates are
> stored and told me to 'find someone that knows how to handle them' --
> thanks for nothing :(
>
> Finally I want to say that I have Tomcat running smooth at port 8080,
> I even configured an administrator user to access the status page
> which works perfectly, my problem is that I just can't find how to
> properly install and configure the SSL.
>
Follow the GoDaddy instructions. They should work. If you get stuck on a
specific step, let us know.
Dan
>
> What I'm not sure though is what part or steps I'm missing, I believe
> this has to be much more simpler that it's been so far for me but
> seriously I can't wrap my mind around it.
>
> Thank you very much for taking the time to read this n00b's help scream.
>
> Best regards,
> -Conor
>