Difference between revisions of "LetsEncrypt SSL"
old>Admin |
old>Admin |
||
Line 19: | Line 19: | ||
=== Installation === | === Installation === | ||
Download an build certbot ( | Download an build certbot (letsencrypt client) | ||
sudo yum install python27-devel git | sudo yum install python27-devel git | ||
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt | sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt | ||
/opt/letsencrypt/letsencrypt-auto --debug | /opt/letsencrypt/letsencrypt-auto --debug | ||
Create a config file | |||
sudo touch /etc/letsencrypt/config.ini | |||
sudo chmod 777 /etc/letsencrypt/config.ini | |||
sudo echo "rsa-key-size = 4096" >> /etc/letsencrypt/config.ini | |||
sudo echo "email = kpe@tempusserva.dk" >> /etc/letsencrypt/config.ini | |||
Now generate a certificate | Now generate a certificate | ||
sudo mkdir /usr/share/tomcat7/webapps/ROOT | |||
/opt/letsencrypt/letsencrypt-auto certonly --debug --webroot -w /usr/share/tomcat7/webapps/ROOT -d letsencrypt.tempusserva.dk --config /etc/letsencrypt/config.ini --agree-tos | |||
Convert pkcs12 format | |||
sudo -s | |||
cd /etc/letsencrypt/live/letsencrypt.tempusserva.dk | |||
openssl pkcs12 -export -out bundle.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:TempusServaSecret | |||
Press: ctrl + d | |||
Next install in Tomcat | |||
sudo nano /usr/share/tomcat7/conf/server.xml | |||
Set the SSL certificate | |||
<Connector | |||
protocol="org.apache.coyote.http11.Http11NioProtocol" | |||
port="443" maxThreads="200" | |||
scheme="https" secure="true" SSLEnabled="true" | |||
keystoreFile="/etc/letsencrypt/live/letsencrypt.tempusserva.dk/bundle.pfx" keystorePass="TempusServaSecret" | |||
clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"/> | |||
Finally reboot the server | |||
service tomcat7 restart |
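Review bot: the `sudo chmod 777 /etc/letsencrypt/config.ini` line under "Create a config file" leaves the file that is later passed to letsencrypt-auto via `--config` writable by every local user. The 777 appears to be there only so that the following `sudo echo ... >>` lines succeed, since the `>>` redirect is performed by the calling shell and not by sudo; appending with `echo "rsa-key-size = 4096" | sudo tee -a /etc/letsencrypt/config.ini` removes the need for it. Separately, `-password pass:TempusServaSecret` on the openssl line and `keystorePass="TempusServaSecret"` in the Connector put the keystore password on a wiki page, so it should be shown as a placeholder instead.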
Revision as of 23:11, 25 November 2019
THIS PAGE IS UNDER DEVELOPMENT AND IS NOT YET COMPLETE
Installation
Add the EPEL repository to Linux (if not present)
sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Then install the required libraries
sudo yum install pytest
sudo yum install python-zope-interface
Then install certbot
sudo yum install certbot
Installation
Download and build certbot (letsencrypt client)
sudo yum install python27-devel git
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
/opt/letsencrypt/letsencrypt-auto --debug
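Create a config file
sudo touch /etc/letsencrypt/config.ini
sudo chmod 644 /etc/letsencrypt/config.ini
# sudo does not apply to a >> redirect, so append through sudo tee instead of making the file world-writable
echo "rsa-key-size = 4096" | sudo tee -a /etc/letsencrypt/config.ini
echo "email = kpe@tempusserva.dk" | sudo tee -a /etc/letsencrypt/config.ini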
Now generate a certificate
sudo mkdir /usr/share/tomcat7/webapps/ROOT
/opt/letsencrypt/letsencrypt-auto certonly --debug --webroot -w /usr/share/tomcat7/webapps/ROOT -d letsencrypt.tempusserva.dk --config /etc/letsencrypt/config.ini --agree-tos
Convert to PKCS12 format
sudo -s
cd /etc/letsencrypt/live/letsencrypt.tempusserva.dk
openssl pkcs12 -export -out bundle.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:TempusServaSecret
Press: ctrl + d
Next install in Tomcat
sudo nano /usr/share/tomcat7/conf/server.xml
Set the SSL certificate
<Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="/etc/letsencrypt/live/letsencrypt.tempusserva.dk/bundle.pfx" keystorePass="TempusServaSecret"
    clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"/>
Finally restart Tomcat
service tomcat7 restart
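A permission check for the files this procedure creates, together with a variant of the PKCS12 conversion that keeps the keystore password off the command line. This is an added example, not part of the original wiki page; the function names and the password-file argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the wiki page. Function names are hypothetical.

# has_any_perm FILE BITS...: succeed if FILE has any of the octal bits set.
has_any_perm() {
    f=$1; shift
    for bit in "$@"; do
        # -H follows a symlink given on the command line (live/*.pem are
        # symlinks); -prune stops find from descending into a directory.
        [ -n "$(find -H "$f" -prune -perm "-$bit" -print 2>/dev/null)" ] && return 0
    done
    return 1
}

# audit_tls_files CONFIG SECRET...: print one finding per line and
# return non-zero if anything is found.
audit_tls_files() {
    cfg=$1; shift
    findings=0
    # The client config must not be group- or world-writable.
    if has_any_perm "$cfg" 020 002; then
        echo "WRITABLE-BY-OTHERS $cfg"; findings=$((findings + 1))
    fi
    # Key material: no access for "other" and no group write
    # (mode 0640 passes, mode 0644 does not).
    for secret in "$@"; do
        if has_any_perm "$secret" 020 004 002 001; then
            echo "SECRET-EXPOSED $secret"; findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# export_pkcs12 LIVE_DIR PASSFILE: same conversion as on the page, but the
# keystore password is read from PASSFILE (assumed readable by root only)
# rather than given as pass:..., which shows up in ps output and history.
export_pkcs12() {
    live=$1; passfile=$2
    ( umask 077   # a newly created bundle.pfx gets no group/other access
      openssl pkcs12 -export -out "$live/bundle.pfx" \
          -inkey "$live/privkey.pem" -in "$live/cert.pem" \
          -certfile "$live/chain.pem" -passout "file:$passfile" )
}
```

Calling `audit_tls_files` with `/etc/letsencrypt/config.ini` followed by the `bundle.pfx` and `privkey.pem` paths reports the world-writable config left by a `chmod 777` and any keystore readable by other users.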