Difference between revisions of "LetsEncrypt SSL"

From TempusServa wiki
Jump to navigation Jump to search
old>Admin
old>Admin
Line 2: Line 2:
THIS PAGE IS UNDER DEVELOPMENT AND IS NOT YET COMPLETE
THIS PAGE IS UNDER DEVELOPMENT AND IS NOT YET COMPLETE


=== Installation ===
=== Install and configure letsencrypt ===
Download an build certbot (letsencrypt client)
Download an build certbot (letsencrypt client)


Line 16: Line 16:
   sudo echo "email = kpe@tempusserva.dk" >> /etc/letsencrypt/config.ini
   sudo echo "email = kpe@tempusserva.dk" >> /etc/letsencrypt/config.ini


Now generate a certificate
=== Generate PKCS12 certificate ===
Generate a certificate


   sudo mkdir /usr/share/tomcat7/webapps/ROOT
   sudo mkdir /usr/share/tomcat7/webapps/ROOT
   /opt/letsencrypt/letsencrypt-auto certonly --debug --webroot -w /usr/share/tomcat7/webapps/ROOT -d letsencrypt.tempusserva.dk --config /etc/letsencrypt/config.ini --agree-tos  
   /opt/letsencrypt/letsencrypt-auto certonly --debug --webroot -w /usr/share/tomcat7/webapps/ROOT -d letsencrypt.tempusserva.dk --config /etc/letsencrypt/config.ini --agree-tos  


Convert pkcs12 format
Convert to pkcs12 format


   sudo -s
   sudo -s
Line 32: Line 33:
   Press: ctrl + d
   Press: ctrl + d


Next install in Tomcat
=== Install certificate in Tomcat ===
Edit Tomcat configuration


   sudo nano  /usr/share/tomcat7/conf/server.xml
   sudo nano  /usr/share/tomcat7/conf/server.xml

Revision as of 23:39, 25 November 2019

THIS PAGE IS UNDER DEVELOPMENT AND IS NOT YET COMPLETE

Install and configure letsencrypt

Download an build certbot (letsencrypt client) 

  sudo yum install python27-devel git
  sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
  /opt/letsencrypt/letsencrypt-auto --debug

Create a config file 

  sudo touch /etc/letsencrypt/config.ini
  sudo chmod 777 /etc/letsencrypt/config.ini
  sudo echo "rsa-key-size = 4096" >> /etc/letsencrypt/config.ini
  sudo echo "email = kpe@tempusserva.dk" >> /etc/letsencrypt/config.ini

Generate PKCS12 certificate

Generate a certificate 

  sudo mkdir /usr/share/tomcat7/webapps/ROOT
  /opt/letsencrypt/letsencrypt-auto certonly --debug --webroot -w /usr/share/tomcat7/webapps/ROOT -d letsencrypt.tempusserva.dk --config /etc/letsencrypt/config.ini --agree-tos

Convert to pkcs12 format 

  sudo -s

  cd /etc/letsencrypt/live/letsencrypt.tempusserva.dk
  openssl pkcs12 -export -out bundle.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:TempusServaSecret
  chmod 755 bundle.pfx
  chmod 755 /etc/letsencrypt/live

  Press: ctrl + d

Install certificate in Tomcat

Edit Tomcat configuration 

  sudo nano  /usr/share/tomcat7/conf/server.xml

          <Connector
          protocol="org.apache.coyote.http11.Http11NioProtocol"
          port="8443" maxThreads="200"
          scheme="https" secure="true" SSLEnabled="true"
          keystoreFile="/etc/letsencrypt/live/letsencrypt.tempusserva.dk/bundle.pfx" keystorePass="TempusServaSecret"
          ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"
          clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"/>

Finally reboot the server 

   service tomcat7 restart
Retrieved from "https://wiki.tempusserva.dk/index.php?title=LetsEncrypt_SSL&oldid=5372"