[Cialug] Tomcat, anyone?
Josh More
jmore at starmind.org
Wed Aug 22 19:44:20 UTC 2018
Most people I work with don't bother.
Just set Tomcat to listen on localhost only and spin up Apache or Nginx as
a proxy. Then load the cert into the proxy and you're done. As a bonus,
you can also load mod_security into the proxy and get a free WAF out of the
deal.
-Josh More
On Wed, Aug 22, 2018 at 2:26 PM, L. V. Lammert <lvl at omnitec.net> wrote:
> Trying to replace the cert for a tomcat server, .. but it does not work.
>
> Does anyone know now to do a configuration verify to see what it is thinks
> is broken?
>
> In the alternative, is something fundamentally wrong with the way I
> created the .jks?
>
> openssl pkcs12 -export -out new.pkcs12 -in cert.pem -inkey server.key
>
> keytool -importkeystore -srckeystore new.pkcs12 -srcstoretype PKCS12 \
> -deststoretype JKS -destkeystore server.jks
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
More information about the Cialug
mailing list