Progress, I think - at least I am not getting errors in the Tomcat logs any more. Here is what I did, for future reference:

1. Installed Let’s Encrypt on a Mac in the Terminal app:
   git clone https://github.com/letsencrypt/letsencrypt

2. Generated certificate files:
   letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory certonly -a manual --debug
   - that gave the files fullchain1.pem, cert1.pem, chain1.pem and privkey1.pem in the directory /etc/letsencrypt/live/portal.kalvista.com
   - I had to do chown’s and chmod’s to get into that directory and retrieve the .pem files

3. Transferred the .pem files to the Windows Server VM

4. On the Windows command line:
   openssl pkcs12 -export -in fullchain1.pem -inkey privkey1.pem -out fullchain_and_key.p12 -name tomcat
   [password requested: entered twice and noted - it is shown as “password_from_4” in the text below…]

5. On the Windows command line:
   keytool -importkeystore -deststorepass password_from_4 -destkeypass password_from_4 -destkeystore MyDSKeyStore.jks -srckeystore fullchain_and_key.p12 -srcstoretype PKCS12 -srcstorepass password_from_4 -alias tomcat

6. Copied the keystore file MyDSKeyStore.jks to the Tomcat conf folder, i.e. C:\Program Files\Apache Software Foundation\Tomcat 8.5\conf in my case

7. Edited server.xml to include the following connector entry:

8. Restarted the Tomcat service - no errors in the catalina log.

Browsing to https://port.example.com still doesn’t work, but browsing to https://localhost:8443 gives the Tomcat “success” page, albeit with a red triangle in the address bar as shown on the attached screenshot. Looks like I am on the right track, but still some things to fix!
Andy
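A set of pre-flight checks for the PEM files that feed step 4 above, added here as an editor's example (not part of Andy's post and not Tomcat or Let's Encrypt code). It assumes only the openssl command-line tool (1.1.1 or newer) and the Let's Encrypt file layout named in the post (cert.pem, privkey.pem, chain.pem, fullchain.pem). The hostname check also illustrates why a certificate issued for one name warns in the browser when the site is visited under another name such as localhost. The CA and leaf certificate for portal.example.test that the test material generates are constructed, and the PKCS#12 password "secret" is a placeholder; the keytool import step from the post is unchanged and not repeated here.

```shell
#!/bin/sh
# Editor's added example (not from the original post): sanity checks on the PEM
# files before they are bundled with "openssl pkcs12 -export" and imported into
# the Tomcat keystore. Requires only the openssl CLI.

# 1. Does the private key belong to the certificate? Compare the public key
#    extracted from each side (both commands must succeed, so an unreadable file
#    cannot produce a false "match").
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# 2. Does the leaf certificate chain up to chain.pem? -partial_chain lets an
#    intermediate in chain.pem act as the trust anchor, which is what Let's
#    Encrypt ships there (no root certificate).
chain_verifies() {
    openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# 3. Is the hostname covered by the certificate's subjectAltName? Any other name
#    (localhost, a bare IP) will produce a browser warning even though TLS works.
#    openssl prints "Hostname X does match certificate" or "... does NOT match ...".
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q "does match"
}

# 4. Build the PKCS#12 bundle the way the post does (fullchain + key, alias
#    "tomcat") and count the certificates it carries: the leaf and the
#    intermediate must both be present, otherwise clients that do not already
#    hold the intermediate cannot build a chain.
build_p12() {
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -name tomcat \
        -passout "pass:$4" 2>/dev/null
}
p12_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null | grep -c "BEGIN CERTIFICATE"
}

# Constructed test material: a throw-away CA (stands in for chain.pem) and a leaf
# certificate for portal.example.test, so the checks can be exercised offline.
make_test_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/chain.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=portal.example.test" \
        -keyout "$dir/privkey.pem" -out "$dir/leaf.csr" 2>/dev/null
    printf 'subjectAltName=DNS:portal.example.test\n' > "$dir/leaf.ext"
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/chain.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -extfile "$dir/leaf.ext" -out "$dir/cert.pem" 2>/dev/null
    cat "$dir/cert.pem" "$dir/chain.pem" > "$dir/fullchain.pem"
}

# Run every check against a directory laid out like /etc/letsencrypt/live/<host>.
check_live_dir() {
    dir=$1; host=$2
    key_matches_cert "$dir/cert.pem" "$dir/privkey.pem" || { echo "key does not match cert"; return 1; }
    chain_verifies "$dir/cert.pem" "$dir/chain.pem"     || { echo "chain does not verify"; return 1; }
    cert_matches_host "$dir/cert.pem" "$host"           || { echo "cert not issued for $host"; return 1; }
    echo "ok: $dir is consistent for $host"
}

# Usage against constructed material (real runs point at the live directory):
#   tmp=$(mktemp -d); make_test_pki "$tmp"; check_live_dir "$tmp" portal.example.test
```

Run check_live_dir against the live directory with the real hostname before converting anything; if the hostname check is the only one that fails, the keystore is fine and the remaining problem is name or DNS related rather than a Tomcat configuration error.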