Discussion:
Need help to install GoDaddy's SSL certificates on Tomcat 8.0.32 (Amazon Linux)
Conor Skyler
2016-05-31 03:26:46 UTC
Permalink
Hello list,

I'm trying to install the certificates I bought from GoDaddy into my Tomcat
server, however so far I've been unsuccessful to achieve this.

My system specs are:
OS: Amazon Linux (fully updated)
Tomcat version: 8.0.32, installed from the repos
Java version: $ java -version
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)

To install the certificates I followed this tutorial from GoDaddy website:
https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
which explains how to create a KeyStore and configure the <Connector> in
the server.xml file.

Now, judging from the official Tomcat documentation in
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated that I
first need to conver the .crt files provided by GoDaddy to PKCS12 format --
I wonder then why the instructions in GoDaddy's website state other thing!

But then I read this piece of documentation that left me completely
bewildered:
To import an existing certificate signed by your own CA into a PKCS12
keystore using OpenSSL you would execute a command like:

openssl pkcs12 -export -in mycert.crt -inkey mykey.key
-out mycert.p12 -name tomcat -CAfile myCA.crt
-caname root -chain

In this example there's a reference to a 'mykey.key' file that I don't
have a clue how to obtain it or from where it comes since when I
download the certificates provided by GoDaddy, there's no such .key
file: I can download several different types of certificates in .crt
format but there isn't any .key file to download.

I tried contacting their support and well, they weren't any helpful at
all, they pointed me to the repository where all the certificates are
stored and told me to 'find someone that knows how to handle them' --
thanks for nothing :(

Finally I want to say that I have Tomcat running smooth at port 8080,
I even configured an administrator user to access the status page
which works perfectly, my problem is that I just can't find how to
properly install and configure the SSL.

What I'm not sure though is what part or steps I'm missing, I believe
this has to be much more simpler that it's been so far for me but
seriously I can't wrap my mind around it.

Thank you very much for taking the time to read this n00b's help scream.

Best regards,
-Conor
Daniel Mikusa
2016-05-31 11:41:36 UTC
Permalink
Post by Conor Skyler
Hello list,
I'm trying to install the certificates I bought from GoDaddy into my Tomcat
server, however so far I've been unsuccessful to achieve this.
OS: Amazon Linux (fully updated)
Tomcat version: 8.0.32, installed from the repos
Java version: $ java -version
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
which explains how to create a KeyStore and configure the <Connector> in
the server.xml file.
Follow these instructions.
Post by Conor Skyler
Now, judging from the official Tomcat documentation in
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated that I
first need to conver the .crt files provided by GoDaddy to PKCS12 format --
I wonder then why the instructions in GoDaddy's website state other thing!
There's more than one way to do this. If you started out by following the
GoDaddy instructions to generate your CSR, then continue to follow them to
import your signed certificate.
Post by Conor Skyler
But then I read this piece of documentation that left me completely
To import an existing certificate signed by your own CA into a PKCS12
openssl pkcs12 -export -in mycert.crt -inkey mykey.key
-out mycert.p12 -name tomcat -CAfile myCA.crt
-caname root -chain
In this example there's a reference to a 'mykey.key' file that I don't
have a clue how to obtain it or from where it comes since when I
download the certificates provided by GoDaddy, there's no such .key
file: I can download several different types of certificates in .crt
format but there isn't any .key file to download.
This has to do with the way that you generated the CSR. The GoDaddy
instructions have you using keytool and a keystore. In this case, your
private key will exist in the keystore, so you won't have a .key file and
that's OK.
Post by Conor Skyler
I tried contacting their support and well, they weren't any helpful at
all, they pointed me to the repository where all the certificates are
stored and told me to 'find someone that knows how to handle them' --
thanks for nothing :(
Finally I want to say that I have Tomcat running smooth at port 8080,
I even configured an administrator user to access the status page
which works perfectly, my problem is that I just can't find how to
properly install and configure the SSL.
Follow the GoDaddy instructions. They should work. If you get stuck on a
specific step, let us know.

Dan
Post by Conor Skyler
What I'm not sure though is what part or steps I'm missing, I believe
this has to be much more simpler that it's been so far for me but
seriously I can't wrap my mind around it.
Thank you very much for taking the time to read this n00b's help scream.
Best regards,
-Conor
Conor Skyler
2016-06-01 21:12:46 UTC
Permalink
Hi Daniel,

Thank you very much for stepping in, I’m processing a new set of
certificates that I hope to try tomorrow.

Warm regards,
-Conor
Post by Conor Skyler
Post by Conor Skyler
Hello list,
I'm trying to install the certificates I bought from GoDaddy into my
Tomcat
Post by Conor Skyler
server, however so far I've been unsuccessful to achieve this.
OS: Amazon Linux (fully updated)
Tomcat version: 8.0.32, installed from the repos
Java version: $ java -version
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
To install the certificates I followed this tutorial from GoDaddy
https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
Post by Conor Skyler
which explains how to create a KeyStore and configure the <Connector> in
the server.xml file.
Follow these instructions.
Post by Conor Skyler
Now, judging from the official Tomcat documentation in
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
that I
Post by Conor Skyler
first need to conver the .crt files provided by GoDaddy to PKCS12 format
--
Post by Conor Skyler
I wonder then why the instructions in GoDaddy's website state other
thing!
There's more than one way to do this. If you started out by following the
GoDaddy instructions to generate your CSR, then continue to follow them to
import your signed certificate.
Post by Conor Skyler
But then I read this piece of documentation that left me completely
To import an existing certificate signed by your own CA into a PKCS12
openssl pkcs12 -export -in mycert.crt -inkey mykey.key
-out mycert.p12 -name tomcat -CAfile myCA.crt
-caname root -chain
In this example there's a reference to a 'mykey.key' file that I don't
have a clue how to obtain it or from where it comes since when I
download the certificates provided by GoDaddy, there's no such .key
file: I can download several different types of certificates in .crt
format but there isn't any .key file to download.
This has to do with the way that you generated the CSR. The GoDaddy
instructions have you using keytool and a keystore. In this case, your
private key will exist in the keystore, so you won't have a .key file and
that's OK.
Post by Conor Skyler
I tried contacting their support and well, they weren't any helpful at
all, they pointed me to the repository where all the certificates are
stored and told me to 'find someone that knows how to handle them' --
thanks for nothing :(
Finally I want to say that I have Tomcat running smooth at port 8080,
I even configured an administrator user to access the status page
which works perfectly, my problem is that I just can't find how to
properly install and configure the SSL.
Follow the GoDaddy instructions. They should work. If you get stuck on a
specific step, let us know.
Dan
Post by Conor Skyler
What I'm not sure though is what part or steps I'm missing, I believe
this has to be much more simpler that it's been so far for me but
seriously I can't wrap my mind around it.
Thank you very much for taking the time to read this n00b's help scream.
Best regards,
-Conor
Conor Skyler
2016-06-03 20:37:25 UTC
Permalink
Hi again,

At this point I don't know what else to try: I carefully gone through the
process stated at GoDaddy's website once again trying different
combinations with the certificates (as the instructions provided by GoDaddy
doesn't match the certificates you download) but the result was the same
as before, it didn't work.

Early today I found this post in StackOverflow:
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
which somehow brought some hope to me as the title states literally the
issue I'm having: '
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
'

Sadly after trying everything what's shown there and reading tons of stuff
I still can't make the KeyStore work with my Tomcat server.

Any help will be greatly appreciated.
-Conor
Post by Conor Skyler
Hi Daniel,
Thank you very much for stepping in, I’m processing a new set of
certificates that I hope to try tomorrow.
Warm regards,
-Conor
Post by Conor Skyler
Post by Conor Skyler
Hello list,
I'm trying to install the certificates I bought from GoDaddy into my
Tomcat
Post by Conor Skyler
server, however so far I've been unsuccessful to achieve this.
OS: Amazon Linux (fully updated)
Tomcat version: 8.0.32, installed from the repos
Java version: $ java -version
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
To install the certificates I followed this tutorial from GoDaddy
https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
Post by Conor Skyler
which explains how to create a KeyStore and configure the <Connector> in
the server.xml file.
Follow these instructions.
Post by Conor Skyler
Now, judging from the official Tomcat documentation in
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
that I
Post by Conor Skyler
first need to conver the .crt files provided by GoDaddy to PKCS12
format --
Post by Conor Skyler
I wonder then why the instructions in GoDaddy's website state other
thing!
There's more than one way to do this. If you started out by following the
GoDaddy instructions to generate your CSR, then continue to follow them to
import your signed certificate.
Post by Conor Skyler
But then I read this piece of documentation that left me completely
To import an existing certificate signed by your own CA into a PKCS12
openssl pkcs12 -export -in mycert.crt -inkey mykey.key
-out mycert.p12 -name tomcat -CAfile myCA.crt
-caname root -chain
In this example there's a reference to a 'mykey.key' file that I don't
have a clue how to obtain it or from where it comes since when I
download the certificates provided by GoDaddy, there's no such .key
file: I can download several different types of certificates in .crt
format but there isn't any .key file to download.
This has to do with the way that you generated the CSR. The GoDaddy
instructions have you using keytool and a keystore. In this case, your
private key will exist in the keystore, so you won't have a .key file and
that's OK.
Post by Conor Skyler
I tried contacting their support and well, they weren't any helpful at
all, they pointed me to the repository where all the certificates are
stored and told me to 'find someone that knows how to handle them' --
thanks for nothing :(
Finally I want to say that I have Tomcat running smooth at port 8080,
I even configured an administrator user to access the status page
which works perfectly, my problem is that I just can't find how to
properly install and configure the SSL.
Follow the GoDaddy instructions. They should work. If you get stuck on a
specific step, let us know.
Dan
Post by Conor Skyler
What I'm not sure though is what part or steps I'm missing, I believe
this has to be much more simpler that it's been so far for me but
seriously I can't wrap my mind around it.
Thank you very much for taking the time to read this n00b's help scream.
Best regards,
-Conor
Hardibo Pierre-Jean
2016-06-03 21:04:08 UTC
Permalink
godaddy didn't give you instructions ?
Post by Conor Skyler
Hi again,
At this point I don't know what else to try: I carefully gone through the
process stated at GoDaddy's website once again trying different
combinations with the certificates (as the instructions provided by GoDaddy
doesn't match the certificates you download) but the result was the same
as before, it didn't work.
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
which somehow brought some hope to me as the title states literally the
issue I'm having: '
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
'
Sadly after trying everything what's shown there and reading tons of stuff
I still can't make the KeyStore work with my Tomcat server.
Any help will be greatly appreciated.
-Conor
Post by Conor Skyler
Hi Daniel,
Thank you very much for stepping in, I’m processing a new set of
certificates that I hope to try tomorrow.
Warm regards,
-Conor
Post by Conor Skyler
Post by Conor Skyler
Hello list,
I'm trying to install the certificates I bought from GoDaddy into my
Tomcat
Post by Conor Skyler
server, however so far I've been unsuccessful to achieve this.
OS: Amazon Linux (fully updated)
Tomcat version: 8.0.32, installed from the repos
Java version: $ java -version
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
To install the certificates I followed this tutorial from GoDaddy
https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
Post by Conor Skyler
which explains how to create a KeyStore and configure the <Connector> in
the server.xml file.
Follow these instructions.
Post by Conor Skyler
Now, judging from the official Tomcat documentation in
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
that I
Post by Conor Skyler
first need to conver the .crt files provided by GoDaddy to PKCS12
format --
Post by Conor Skyler
I wonder then why the instructions in GoDaddy's website state other
thing!
There's more than one way to do this. If you started out by following the
GoDaddy instructions to generate your CSR, then continue to follow them to
import your signed certificate.
Post by Conor Skyler
But then I read this piece of documentation that left me completely
To import an existing certificate signed by your own CA into a PKCS12
openssl pkcs12 -export -in mycert.crt -inkey mykey.key
-out mycert.p12 -name tomcat -CAfile myCA.crt
-caname root -chain
In this example there's a reference to a 'mykey.key' file that I don't
have a clue how to obtain it or from where it comes since when I
download the certificates provided by GoDaddy, there's no such .key
file: I can download several different types of certificates in .crt
format but there isn't any .key file to download.
This has to do with the way that you generated the CSR. The GoDaddy
instructions have you using keytool and a keystore. In this case, your
private key will exist in the keystore, so you won't have a .key file and
that's OK.
Post by Conor Skyler
I tried contacting their support and well, they weren't any helpful at
all, they pointed me to the repository where all the certificates are
stored and told me to 'find someone that knows how to handle them' --
thanks for nothing :(
Finally I want to say that I have Tomcat running smooth at port 8080,
I even configured an administrator user to access the status page
which works perfectly, my problem is that I just can't find how to
properly install and configure the SSL.
Follow the GoDaddy instructions. They should work. If you get stuck on a
specific step, let us know.
Dan
Post by Conor Skyler
What I'm not sure though is what part or steps I'm missing, I believe
this has to be much more simpler that it's been so far for me but
seriously I can't wrap my mind around it.
Thank you very much for taking the time to read this n00b's help scream.
Best regards,
-Conor
---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
Hardibo Pierre-Jean
2016-06-03 21:09:53 UTC
Permalink
there's all here no ?
https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
Post by Conor Skyler
Hi again,
At this point I don't know what else to try: I carefully gone through the
process stated at GoDaddy's website once again trying different
combinations with the certificates (as the instructions provided by GoDaddy
doesn't match the certificates you download) but the result was the same
as before, it didn't work.
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
which somehow brought some hope to me as the title states literally the
issue I'm having: '
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
'
Sadly after trying everything what's shown there and reading tons of stuff
I still can't make the KeyStore work with my Tomcat server.
Any help will be greatly appreciated.
-Conor
Post by Conor Skyler
Hi Daniel,
Thank you very much for stepping in, I’m processing a new set of
certificates that I hope to try tomorrow.
Warm regards,
-Conor
Post by Conor Skyler
Post by Conor Skyler
Hello list,
I'm trying to install the certificates I bought from GoDaddy into my
Tomcat
Post by Conor Skyler
server, however so far I've been unsuccessful to achieve this.
OS: Amazon Linux (fully updated)
Tomcat version: 8.0.32, installed from the repos
Java version: $ java -version
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
To install the certificates I followed this tutorial from GoDaddy
https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
Post by Conor Skyler
which explains how to create a KeyStore and configure the <Connector> in
the server.xml file.
Follow these instructions.
Post by Conor Skyler
Now, judging from the official Tomcat documentation in
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
that I
Post by Conor Skyler
first need to conver the .crt files provided by GoDaddy to PKCS12
format --
Post by Conor Skyler
I wonder then why the instructions in GoDaddy's website state other
thing!
There's more than one way to do this. If you started out by following the
GoDaddy instructions to generate your CSR, then continue to follow them to
import your signed certificate.
Post by Conor Skyler
But then I read this piece of documentation that left me completely
To import an existing certificate signed by your own CA into a PKCS12
openssl pkcs12 -export -in mycert.crt -inkey mykey.key
-out mycert.p12 -name tomcat -CAfile myCA.crt
-caname root -chain
In this example there's a reference to a 'mykey.key' file that I don't
have a clue how to obtain it or from where it comes since when I
download the certificates provided by GoDaddy, there's no such .key
file: I can download several different types of certificates in .crt
format but there isn't any .key file to download.
This has to do with the way that you generated the CSR. The GoDaddy
instructions have you using keytool and a keystore. In this case, your
private key will exist in the keystore, so you won't have a .key file and
that's OK.
Post by Conor Skyler
I tried contacting their support and well, they weren't any helpful at
all, they pointed me to the repository where all the certificates are
stored and told me to 'find someone that knows how to handle them' --
thanks for nothing :(
Finally I want to say that I have Tomcat running smooth at port 8080,
I even configured an administrator user to access the status page
which works perfectly, my problem is that I just can't find how to
properly install and configure the SSL.
Follow the GoDaddy instructions. They should work. If you get stuck on a
specific step, let us know.
Dan
Post by Conor Skyler
What I'm not sure though is what part or steps I'm missing, I believe
this has to be much more simpler that it's been so far for me but
seriously I can't wrap my mind around it.
Thank you very much for taking the time to read this n00b's help scream.
Best regards,
-Conor
---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
Conor Skyler
2016-06-03 22:13:43 UTC
Permalink
Hello Pierre,

Yes, I contacted the technical support at GoDaddy and then basically told
me that I'm on my own and that I should find someone that knows how to
handle the configuration -- that's all the aid they gave me.

I think that there two separate problems here.
First one, the mismatch between the files I receive zipped and the ones
referred in the website when it reads:

"The file names for your root and intermediate certificates depend on your
signature algorithm.

- SHA-1 root certificate: gd_class2_root.crt
- SHA-2 root certificate: gdroot-g2.crt
- SHA-1 intermediate certificate: gd.intermediate.crt
- SHA-2 intermediate certificate: gdig2.crt
- (*Java 6/7 only*) SHA-2 Root Certificate: gdroot-g2_cross.crt"

But the files I get when I unzip the downloaded archive are:

my_certificate.crt
gd_bundle-g2-g1.crt
gdig2.crt

So first thing here is that I don't how to use them when following the
instructions stated on the site (the only one I can identify is
my_certificate.crt).

With the second issue my guess is that it might be related to the KeyStore
file not holding the private key:
I wasn't given the original tomcat.keystore file (following the example on
GoDaddy's website) so here I'm starting from the scratch, generating a new
KeyStore.
What I have though is a PEM file from the person I presume the .csr request
file; is there a way to add it to the KeyStore file I create when following
the instructions on GoDaddy's site?

Thank you very much for stepping in!
-Conor
Post by Hardibo Pierre-Jean
there's all here no ?
https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
Post by Conor Skyler
Hi again,
At this point I don't know what else to try: I carefully gone through the
process stated at GoDaddy's website once again trying different
combinations with the certificates (as the instructions provided by GoDaddy
doesn't match the certificates you download) but the result was the same
as before, it didn't work.
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
which somehow brought some hope to me as the title states literally the
issue I'm having: '
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
'
Sadly after trying everything what's shown there and reading tons of stuff
I still can't make the KeyStore work with my Tomcat server.
Any help will be greatly appreciated.
-Conor
Hi Daniel,
Post by Conor Skyler
Thank you very much for stepping in, I’m processing a new set of
certificates that I hope to try tomorrow.
Warm regards,
-Conor
Post by Conor Skyler
Hello list,
Post by Conor Skyler
I'm trying to install the certificates I bought from GoDaddy into my
Tomcat
Post by Conor Skyler
server, however so far I've been unsuccessful to achieve this.
OS: Amazon Linux (fully updated)
Tomcat version: 8.0.32, installed from the repos
Java version: $ java -version
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
To install the certificates I followed this tutorial from GoDaddy
https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
Post by Conor Skyler
which explains how to create a KeyStore and configure the <Connector> in
the server.xml file.
Follow these instructions.
Now, judging from the official Tomcat documentation in
Post by Conor Skyler
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
that I
Post by Conor Skyler
first need to conver the .crt files provided by GoDaddy to PKCS12
format --
Post by Conor Skyler
I wonder then why the instructions in GoDaddy's website state other
thing!
There's more than one way to do this. If you started out by following the
GoDaddy instructions to generate your CSR, then continue to follow them to
import your signed certificate.
But then I read this piece of documentation that left me completely
Post by Conor Skyler
To import an existing certificate signed by your own CA into a PKCS12
openssl pkcs12 -export -in mycert.crt -inkey mykey.key
-out mycert.p12 -name tomcat -CAfile myCA.crt
-caname root -chain
In this example there's a reference to a 'mykey.key' file that I don't
have a clue how to obtain it or from where it comes since when I
download the certificates provided by GoDaddy, there's no such .key
file: I can download several different types of certificates in .crt
format but there isn't any .key file to download.
This has to do with the way that you generated the CSR. The GoDaddy
instructions have you using keytool and a keystore. In this case, your
private key will exist in the keystore, so you won't have a .key file and
that's OK.
I tried contacting their support and well, they weren't any helpful at
Post by Conor Skyler
all, they pointed me to the repository where all the certificates are
stored and told me to 'find someone that knows how to handle them' --
thanks for nothing :(
Finally I want to say that I have Tomcat running smooth at port 8080,
I even configured an administrator user to access the status page
which works perfectly, my problem is that I just can't find how to
properly install and configure the SSL.
Follow the GoDaddy instructions. They should work. If you get stuck
on a
specific step, let us know.
Dan
What I'm not sure though is what part or steps I'm missing, I believe
Post by Conor Skyler
this has to be much more simpler that it's been so far for me but
seriously I can't wrap my mind around it.
Thank you very much for taking the time to read this n00b's help scream.
Best regards,
-Conor
---------------------------------------------------------------------
Hardibo Pierre-Jean
2016-06-03 22:18:38 UTC
Permalink
gdig2.crt is intermediate my_certificate must be the last to configure so i think bundle may be the root.
Post by Conor Skyler
Hello Pierre,
Yes, I contacted the technical support at GoDaddy and then basically told
me that I'm on my own and that I should find someone that knows how to
handle the configuration -- that's all the aid they gave me.
I think that there two separate problems here.
First one, the mismatch between the files I receive zipped and the ones
"The file names for your root and intermediate certificates depend on your
signature algorithm.
- SHA-1 root certificate: gd_class2_root.crt
- SHA-2 root certificate: gdroot-g2.crt
- SHA-1 intermediate certificate: gd.intermediate.crt
- SHA-2 intermediate certificate: gdig2.crt
- (*Java 6/7 only*) SHA-2 Root Certificate: gdroot-g2_cross.crt"
my_certificate.crt
gd_bundle-g2-g1.crt
gdig2.crt
So first thing here is that I don't how to use them when following the
instructions stated on the site (the only one I can identify is
my_certificate.crt).
With the second issue my guess is that it might be related to the KeyStore
I wasn't given the original tomcat.keystore file (following the example on
GoDaddy's website) so here I'm starting from the scratch, generating a new
KeyStore.
What I have though is a PEM file from the person I presume the .csr request
file; is there a way to add it to the KeyStore file I create when following
the instructions on GoDaddy's site?
Thank you very much for stepping in!
-Conor
Post by Hardibo Pierre-Jean
there's all here no ?
https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
Post by Conor Skyler
Hi again,
At this point I don't know what else to try: I carefully gone through the
process stated at GoDaddy's website once again trying different
combinations with the certificates (as the instructions provided by GoDaddy
doesn't match the certificates you download) but the result was the same
as before, it didn't work.
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
which somehow brought some hope to me as the title states literally the
issue I'm having: '
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
'
Sadly after trying everything what's shown there and reading tons of stuff
I still can't make the KeyStore work with my Tomcat server.
Any help will be greatly appreciated.
-Conor
Hi Daniel,
Post by Conor Skyler
Thank you very much for stepping in, I’m processing a new set of
certificates that I hope to try tomorrow.
Warm regards,
-Conor
Post by Conor Skyler
Hello list,
Post by Conor Skyler
I'm trying to install the certificates I bought from GoDaddy into my
Tomcat
Post by Conor Skyler
server, however so far I've been unsuccessful to achieve this.
OS: Amazon Linux (fully updated)
Tomcat version: 8.0.32, installed from the repos
Java version: $ java -version
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
To install the certificates I followed this tutorial from GoDaddy
https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
Post by Conor Skyler
which explains how to create a KeyStore and configure the <Connector> in
the server.xml file.
Follow these instructions.
Now, judging from the official Tomcat documentation in
Post by Conor Skyler
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
that I
Post by Conor Skyler
first need to conver the .crt files provided by GoDaddy to PKCS12
format --
Post by Conor Skyler
I wonder then why the instructions in GoDaddy's website state other
thing!
There's more than one way to do this. If you started out by following the
GoDaddy instructions to generate your CSR, then continue to follow them to
import your signed certificate.
But then I read this piece of documentation that left me completely
Post by Conor Skyler
To import an existing certificate signed by your own CA into a PKCS12
openssl pkcs12 -export -in mycert.crt -inkey mykey.key
-out mycert.p12 -name tomcat -CAfile myCA.crt
-caname root -chain
In this example there's a reference to a 'mykey.key' file that I don't
have a clue how to obtain it or from where it comes since when I
download the certificates provided by GoDaddy, there's no such .key
file: I can download several different types of certificates in .crt
format but there isn't any .key file to download.
This has to do with the way that you generated the CSR. The GoDaddy
instructions have you using keytool and a keystore. In this case, your
private key will exist in the keystore, so you won't have a .key file and
that's OK.
I tried contacting their support and well, they weren't any helpful at
Post by Conor Skyler
all, they pointed me to the repository where all the certificates are
stored and told me to 'find someone that knows how to handle them' --
thanks for nothing :(
Finally I want to say that I have Tomcat running smooth at port 8080,
I even configured an administrator user to access the status page
which works perfectly, my problem is that I just can't find how to
properly install and configure the SSL.
Follow the GoDaddy instructions. They should work. If you get stuck
on a
specific step, let us know.
Dan
What I'm not sure though is what part or steps I'm missing, I believe
Post by Conor Skyler
this has to be much more simpler that it's been so far for me but
seriously I can't wrap my mind around it.
Thank you very much for taking the time to read this n00b's help scream.
Best regards,
-Conor
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
Hardibo Pierre-Jean
2016-06-03 22:22:22 UTC
Permalink
there's the tuto :
https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
use sha2 root and intermediate and for the last use my_certificate
here's the repo :

https://certs.godaddy.com/repository/
Post by Hardibo Pierre-Jean
gdig2.crt is intermediate my_certificate must be the last to configure
so i think bundle may be the root.
Post by Conor Skyler
Hello Pierre,
Yes, I contacted the technical support at GoDaddy and then basically told
me that I'm on my own and that I should find someone that knows how to
handle the configuration -- that's all the aid they gave me.
I think that there two separate problems here.
First one, the mismatch between the files I receive zipped and the ones
"The file names for your root and intermediate certificates depend on your
signature algorithm.
- SHA-1 root certificate: gd_class2_root.crt
- SHA-2 root certificate: gdroot-g2.crt
- SHA-1 intermediate certificate: gd.intermediate.crt
- SHA-2 intermediate certificate: gdig2.crt
- (*Java 6/7 only*) SHA-2 Root Certificate: gdroot-g2_cross.crt"
my_certificate.crt
gd_bundle-g2-g1.crt
gdig2.crt
So first thing here is that I don't how to use them when following the
instructions stated on the site (the only one I can identify is
my_certificate.crt).
With the second issue my guess is that it might be related to the KeyStore
I wasn't given the original tomcat.keystore file (following the example on
GoDaddy's website) so here I'm starting from the scratch, generating a new
KeyStore.
What I have though is a PEM file from the person I presume the .csr request
file; is there a way to add it to the KeyStore file I create when following
the instructions on GoDaddy's site?
Thank you very much for stepping in!
-Conor
On Fri, Jun 3, 2016 at 6:09 PM, Hardibo Pierre-Jean
Post by Hardibo Pierre-Jean
there's all here no ?
https://fr.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
Post by Conor Skyler
Hi again,
At this point I don't know what else to try: I carefully gone through the
process stated at GoDaddy's website once again trying different
combinations with the certificates (as the instructions provided by GoDaddy
doesn't match the certificates you download) but the result was the same
as before, it didn't work.
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-cr
which somehow brought some hope to me as the title states literally the
issue I'm having: '
http://stackoverflow.com/questions/24269293/how-to-import-godaddy-certificates-in-tomcat-given-gd-bundle-g2-g1-crt-gdig2-crt
'
Sadly after trying everything what's shown there and reading tons of stuff
I still can't make the KeyStore work with my Tomcat server.
Any help will be greatly appreciated.
-Conor
Hi Daniel,
Post by Conor Skyler
Thank you very much for stepping in, I’m processing a new set of
certificates that I hope to try tomorrow.
Warm regards,
-Conor
On Mon, May 30, 2016 at 11:26 PM, Conor Skyler
Post by Conor Skyler
Hello list,
Post by Conor Skyler
I'm trying to install the certificates I bought from GoDaddy into my
Tomcat
Post by Conor Skyler
server, however so far I've been unsuccessful to achieve this.
OS: Amazon Linux (fully updated)
Tomcat version: 8.0.32, installed from the repos
Java version: $ java -version
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)
To install the certificates I followed this tutorial from GoDaddy
https://ar.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239
Post by Conor Skyler
which explains how to create a KeyStore and configure the
<Connector>
in
the server.xml file.
Follow these instructions.
Now, judging from the official Tomcat documentation in
Post by Conor Skyler
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html it's stated
that I
Post by Conor Skyler
first need to conver the .crt files provided by GoDaddy to PKCS12
format --
Post by Conor Skyler
I wonder then why the instructions in GoDaddy's website state other
thing!
There's more than one way to do this. If you started out by
following
the
GoDaddy instructions to generate your CSR, then continue to
follow them
to
import your signed certificate.
But then I read this piece of documentation that left me completely
Post by Conor Skyler
To import an existing certificate signed by your own CA into a PKCS12
openssl pkcs12 -export -in mycert.crt -inkey mykey.key
-out mycert.p12 -name tomcat -CAfile myCA.crt
-caname root -chain
In this example there's a reference to a 'mykey.key' file that I don't
have a clue how to obtain it or from where it comes since when I
download the certificates provided by GoDaddy, there's no such .key
file: I can download several different types of certificates in .crt
format but there isn't any .key file to download.
This has to do with the way that you generated the CSR. The GoDaddy
instructions have you using keytool and a keystore. In this case, your
private key will exist in the keystore, so you won't have a .key
file
and
that's OK.
I tried contacting their support and well, they weren't any helpful at
Post by Conor Skyler
all, they pointed me to the repository where all the
certificates are
stored and told me to 'find someone that knows how to handle them' --
thanks for nothing :(
Finally I want to say that I have Tomcat running smooth at port 8080,
I even configured an administrator user to access the status page
which works perfectly, my problem is that I just can't find how to
properly install and configure the SSL.
Follow the GoDaddy instructions. They should work. If you get
stuck
on a
specific step, let us know.
Dan
What I'm not sure though is what part or steps I'm missing, I believe
Post by Conor Skyler
this has to be much more simpler that it's been so far for me but
seriously I can't wrap my mind around it.
Thank you very much for taking the time to read this n00b's help scream.
Best regards,
-Conor
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org

Loading...