2016-06-13

Tomcat with Let's Encrypt cert on Ubuntu 16.04

Goal

To get a Let's Encrypt cert working with the Tomcat container.

How

Install and get a LE cert

sudo apt install letsencrypt
sudo letsencrypt certonly
It should ask for an email address and the domain this machine is at.

Converting LE's certs to PKCS12 format

Get root, cd into the letsencrypt cert folder indicated by the last command, and run:
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out sslcert.p12 -name tomcat -CAfile chain.pem -caname root
Move the p12 cert to a place Tomcat can see.

Configure Tomcat to use the cert

Edit conf/server.xml and enable the 443 connector.
Add these attributes to the connector:

keystoreFile="sslcert.p12" keystoreType="PKCS12" keystorePass="[change_to_your_password]"
Restart Tomcat, and HTTPS should be working.
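
The conversion step above as a script, added here as an example (not code from the original post): it checks that the key matches the cert, runs the same openssl export non-interactively, keeps the .p12 readable only by its owner, and re-opens it to confirm the password and alias. The function name le_to_p12 and the P12_PASS variable are assumptions; P12_PASS must hold the same password you put in keystorePass.

```sh
#!/bin/sh
# Added example, not from the original post.
# Assumed names: le_to_p12 (function), P12_PASS (environment variable).
# Usage: P12_PASS='...' sh le_to_p12.sh <letsencrypt cert folder> <output .p12> [alias]

le_to_p12() {
    live_dir=$1; out=$2; alias_name=${3:-tomcat}

    [ -n "${P12_PASS:-}" ] || { echo "export P12_PASS first" >&2; return 2; }
    for f in cert.pem privkey.pem chain.pem; do
        [ -r "$live_dir/$f" ] || { echo "missing $live_dir/$f" >&2; return 2; }
    done

    # Compare the public key in the cert with the one derived from the
    # private key, so a mismatch is reported clearly before exporting.
    cert_pub=$(openssl x509 -in "$live_dir/cert.pem" -noout -pubkey) || return 3
    key_pub=$(openssl pkey -in "$live_dir/privkey.pem" -pubout) || return 3
    [ "$cert_pub" = "$key_pub" ] || { echo "key/cert mismatch" >&2; return 3; }

    # Same export as in the post. The password is read from the environment
    # instead of a prompt, and umask 077 keeps the new file owner-only.
    ( umask 077
      openssl pkcs12 -export -in "$live_dir/cert.pem" \
          -inkey "$live_dir/privkey.pem" -out "$out" -name "$alias_name" \
          -CAfile "$live_dir/chain.pem" -caname root \
          -passout env:P12_PASS ) || return 4
    chmod 600 "$out" || return 4

    # Re-open the keystore with the same password and confirm the alias,
    # i.e. what Tomcat will need to do with keystorePass.
    openssl pkcs12 -in "$out" -passin env:P12_PASS -nokeys 2>/dev/null \
        | grep -q "friendlyName: $alias_name" || return 5
}

# Run directly when called with arguments.
if [ "$#" -ge 2 ]; then le_to_p12 "$@"; fi
```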
