[Cialug] Tomcat, anyone?

David Michael 1.david.michael at gmail.com
Thu Aug 23 14:00:30 UTC 2018


+1 for fronting it with a web server. I typically do this because getting
tomcat to listen on a privileged port (443) requires some dodgy/insecure
changes.

On Wed, Aug 22, 2018 at 2:45 PM Josh More <jmore at starmind.org> wrote:

> Most people I work with don't bother.
>
> Just set Tomcat to listen on localhost only and spin up Apache or Nginx as
> a proxy.  Then load the cert into the proxy and you're done.  As a bonus,
> you can also load mod_security into the proxy and get a free WAF out of the
> deal.
>
> -Josh More
>
> On Wed, Aug 22, 2018 at 2:26 PM, L. V. Lammert <lvl at omnitec.net> wrote:
>
> > Trying to replace the cert for a tomcat server, .. but it does not work.
> >
> > Does anyone know how to do a configuration verify to see what it thinks
> > is broken?
> >
> > In the alternative, is something fundamentally wrong with the way I
> > created the .jks?
> >
> > openssl pkcs12 -export -out new.pkcs12 -in cert.pem -inkey server.key
> >
> > keytool -importkeystore -srckeystore new.pkcs12 -srcstoretype PKCS12 \
> > -deststoretype JKS -destkeystore server.jks
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > http://cialug.org/mailman/listinfo/cialug
> >
>
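
A pre-flight check for the two commands quoted above, as an added example that is not part of the original thread: it confirms that cert.pem and server.key carry the same public key, and that the exported PKCS12 bundle holds that certificate, before the keystore is converted for Tomcat. The function names and the P12_PASS environment variable are assumptions of this example; the file names are the ones used in the thread.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): verify the inputs and output of
#   openssl pkcs12 -export -out new.pkcs12 -in cert.pem -inkey server.key
# Function names and P12_PASS are hypothetical choices made for this example.

# Print the public key (PEM, SubjectPublicKeyInfo) found in a certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }

# Print the public key (PEM, SubjectPublicKeyInfo) derived from a private key.
key_pubkey() { openssl pkey -in "$1" -pubout; }

# Return 0 only if both files parse and carry the same public key.
# Return 2 if either file cannot be read, 1 on a mismatch.
cert_matches_key() {
    cmk_cert=$(cert_pubkey "$1") || return 2
    cmk_key=$(key_pubkey "$2") || return 2
    [ -n "$cmk_cert" ] && [ "$cmk_cert" = "$cmk_key" ]
}

# Return 0 only if the end-entity certificate inside a PKCS12 bundle matches
# the private key file. The export password is read from the P12_PASS
# environment variable so that it does not appear in the process list.
p12_matches_key() {
    pmk_cert=$(openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS \
                 | openssl x509 -noout -pubkey) || return 2
    pmk_key=$(key_pubkey "$2") || return 2
    [ -n "$pmk_cert" ] && [ "$pmk_cert" = "$pmk_key" ]
}

# Typical use, with the file names from the thread:
#   cert_matches_key cert.pem server.key   && echo "cert and key match"
#   P12_PASS='...' p12_matches_key new.pkcs12 server.key && echo "bundle ok"
# After the keytool -importkeystore step, the resulting entries and their
# aliases can be inspected with:
#   keytool -list -v -keystore server.jks
```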

