Difference between revisions of "LetsEncrypt SSL"

From TempusServa wiki
Revision as of 23:11, 25 November 2019

THIS PAGE IS UNDER DEVELOPMENT AND IS NOT YET COMPLETE

Installation

Add the EPEL repository to Linux (if not present)

  sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Then install the required libraries

  sudo yum install pytest
  sudo yum install python-zope-interface

Then install certbot

  sudo yum install certbot


Installation

Download and build certbot (the letsencrypt client)

  sudo yum install python27-devel git
  sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
  /opt/letsencrypt/letsencrypt-auto --debug

Create a config file

  sudo touch /etc/letsencrypt/config.ini
  sudo chmod 777 /etc/letsencrypt/config.ini
  sudo echo "rsa-key-size = 4096" >> /etc/letsencrypt/config.ini
  sudo echo "email = kpe@tempusserva.dk" >> /etc/letsencrypt/config.ini

Now generate a certificate

  sudo mkdir /usr/share/tomcat7/webapps/ROOT
  /opt/letsencrypt/letsencrypt-auto certonly --debug --webroot -w /usr/share/tomcat7/webapps/ROOT -d letsencrypt.tempusserva.dk --config /etc/letsencrypt/config.ini --agree-tos 

Convert the certificate to PKCS12 format (as root)

  sudo -s
  cd /etc/letsencrypt/live/letsencrypt.tempusserva.dk
  openssl pkcs12 -export -out bundle.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:TempusServaSecret
  Press: ctrl + d   (leaves the root shell)

Next, install the certificate in Tomcat

  sudo nano /usr/share/tomcat7/conf/server.xml

Set the SSL certificate in the HTTPS connector

  <Connector
      protocol="org.apache.coyote.http11.Http11NioProtocol"
      port="443" maxThreads="200"
      scheme="https" secure="true" SSLEnabled="true"
      keystoreFile="/etc/letsencrypt/live/letsencrypt.tempusserva.dk/bundle.pfx" keystorePass="TempusServaSecret"
      clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"/>

Finally restart Tomcat so it loads the new keystore

  service tomcat7 restart
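The steps above are manual, and Let's Encrypt certificates expire after 90 days, so the PKCS12 conversion and the Tomcat restart must be repeated at every renewal. The script below is an added example (not part of the wiki's own instructions) that does this as a certbot deploy hook; it assumes a root-only file /etc/letsencrypt/pfx-password holding the keystorePass value from server.xml, so the password is read from a file instead of being placed on the openssl command line.

```sh
#!/bin/sh
# Added example (not from the wiki): certbot deploy hook that rebuilds the
# PKCS12 bundle Tomcat reads and restarts Tomcat after each renewal.
# Certbot runs deploy hooks with RENEWED_LINEAGE set to the live directory
# of the renewed certificate. The password file path is an assumption:
# it must be root-only (mode 600) and hold the keystorePass from server.xml.
set -eu

PASSFILE="${PFX_PASSFILE:-/etc/letsencrypt/pfx-password}"

# build_pfx LINEAGE_DIR PASSFILE OUT_PFX
# Bundles privkey.pem, cert.pem and chain.pem into OUT_PFX. The password is
# read from PASSFILE (-passout file:) so it never shows up in ps or history.
# Returns 1 without touching OUT_PFX if any input is missing.
build_pfx() {
  lineage="$1"; passfile="$2"; out="$3"
  for f in privkey.pem cert.pem chain.pem; do
    [ -r "$lineage/$f" ] || { echo "missing $lineage/$f" >&2; return 1; }
  done
  [ -r "$passfile" ] || { echo "missing password file $passfile" >&2; return 1; }
  # Subshell keeps the restrictive umask local; the bundle is created 0600.
  ( umask 077
    openssl pkcs12 -export -out "$out.tmp" \
      -inkey "$lineage/privkey.pem" -in "$lineage/cert.pem" \
      -certfile "$lineage/chain.pem" -passout "file:$passfile" )
  mv "$out.tmp" "$out"   # atomic replace: Tomcat never sees a half-written file
}

# verify_pfx PFX PASSFILE
# Returns 0 only if the bundle's MAC verifies with the password in PASSFILE,
# i.e. the password Tomcat will use actually opens the file.
verify_pfx() {
  openssl pkcs12 -in "$1" -passin "file:$2" -noout >/dev/null 2>&1
}

main() {
  lineage="$1"
  build_pfx "$lineage" "$PASSFILE" "$lineage/bundle.pfx"
  verify_pfx "$lineage/bundle.pfx" "$PASSFILE" || {
    echo "bundle does not open with $PASSFILE; not restarting Tomcat" >&2
    return 1
  }
  service tomcat7 restart
}

# Certbot sets RENEWED_LINEAGE when it calls a deploy hook; when the variable
# is absent (e.g. the file is sourced for testing) only the functions load.
[ -z "${RENEWED_LINEAGE:-}" ] || main "$RENEWED_LINEAGE"
```

Place the script in /etc/letsencrypt/renewal-hooks/deploy/ (or pass it with certbot's --deploy-hook option) so it runs after each successful renewal. The same file-permission point applies to config.ini above: certbot only needs to read it, so a mode such as 644 is sufficient.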