[Cialug] Tomcat, anyone?

Josh More jmore at starmind.org
Wed Aug 22 19:44:20 UTC 2018


Most people I work with don't bother.

Just set Tomcat to listen on localhost only and spin up Apache or Nginx as
a proxy.  Then load the cert into the proxy and you're done.  As a bonus,
you can also load mod_security into the proxy and get a free WAF out of the
deal.

-Josh More

On Wed, Aug 22, 2018 at 2:26 PM, L. V. Lammert <lvl at omnitec.net> wrote:

> Trying to replace the cert for a tomcat server, .. but it does not work.
>
> Does anyone know now to do a configuration verify to see what it is thinks
> is broken?
>
> In the alternative, is something fundamentally wrong with the way I
> created the .jks?
>
> openssl pkcs12 -export -out new.pkcs12 -in cert.pem -inkey server.key
>
> keytool -importkeystore -srckeystore new.pkcs12 -srcstoretype PKCS12 \
> -deststoretype JKS -destkeystore server.jks
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>


More information about the Cialug mailing list