My web server is Apache Tomcat/8.0.28 on Windows Server 2012 R2.
I can login to a root shell on my machine.
I need help to create a certificate for my host.
I’m not using IIS. I’m using Tomcat to deploy my webapp.
I downloaded the client letsencrypt-win-simple.v1.9.8.4.
I created a JKS, letsencrypt.jks, with an RSA 2048 key and a CSR for it with keytool.
I don’t know how to use letsencrypt-win-simple to get certificates, and how to apply this to my Tomcat server.
My webapp can be accessed from hostname:8080\mywebapp
[INFO] Running in Unattended mode
[INFO] Plugin Manual generated target [Manual] [1 binding - myhost.ddns.net]
[INFO] Authorize identifier: myhost.ddns.net
[INFO] Cached authorization result: valid
[INFO] Requesting certificate myhost.ddns.net 2018/2/6 11:26:55 PM
[INFO] Saving certificate to C:\ProgramData\letsencrypt-win-simple\httpsacme-v01.api. letsencrypt.org
[INFO] Installing certificate in the certificate store
[INFO] Adding certificate targettec.ddns.net 2018/2/6 11:26:55 PM to store WebHosting
[INFO] Uninstalling certificate from the certificate store
[INFO] Removing certificate targettec.ddns.net 2018/2/6 6:06:05 PM from store WebHosting
[INFO] Adding renewal for myhost.ddns.net
[INFO] Next renewal scheduled at 2018/4/2 11:26:59 PM
C:\Users\Administrateur>
I got a certificate: 13 files!
ca-myhost.ddns.net-crt.der
ca-myhost.ddns.net-crt.pem
Registration
Signer
myhost.ddns.net.history.json
myhost.ddns.net-all.pfx
myhost.ddns.net-chain.pem
myhost.ddns.net-crt.der
myhost.ddns.net-crt.pem
myhost.ddns.net-csr.pem
myhost.ddns.net-gen-csr.json
myhost.ddns.net-gen-key.json
myhost.ddns.net-key.pem
Now I need to configure it with my Tomcat!
I wrote the Apache Tomcat documentation.
They say I have to create a CSR that will be used by the Certificate Authority to create a certificate.
I did create a simple-cert-myhost-ddns-net.csr but I didn’t submit it when I generated the LE certificate!
I’m a little confused!
It’s OK, I fixed it! Here are the steps:
First I installed KeyStore Explorer.
I created a store, myhoststore.jks.
I imported the key pair from myhost.ddns.net-chain.pem and myhost.ddns.net-key.pem, and imported the two certificates ca-myhost.ddns.net-crt.der and myhost.ddns.net-crt.der.
However you will also have to repeat the JKS import process from the PEM files after each renewal in order for Tomcat to be able to use the new certificate. Therefore you would probably want to make a batch or PowerShell script that does both tasks.
Most Java programs including Tomcat accept PFX files in addition to JKS files. This way you can use the PFX generated by letsencrypt-win-simple without needing an intermediary script.
By default, letsencrypt-win-simple doesn’t set a password for the PFX file, so I left it blank in the example. If you set a PfxPassword in letsencrypt-win-simple’s config file you would enter it as the keystorePass here, though.
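
The kind of Connector entry this reply describes, written out as an added example (not the poster's original snippet): it points the Tomcat 8.0 JSSE connector in conf/server.xml at the PFX that letsencrypt-win-simple writes. Port 8443 and the keystore folder are assumptions; use the folder shown in the "Saving certificate to" log line.

```xml
<!-- conf/server.xml, inside <Service name="Catalina"> -->
<!-- Added example: HTTPS connector that reads the PKCS#12 (PFX) file directly,
     so no JKS import is needed after each renewal. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           keystoreType="PKCS12"
           keystoreFile="C:/PLACEHOLDER/letsencrypt-win-simple-folder/myhost.ddns.net-all.pfx"
           keystorePass="" />
<!-- keystoreFile: placeholder path (assumption), replace with the real folder.
     keystorePass: blank, as in the reply; set it to the PfxPassword value
     if one is configured in letsencrypt-win-simple. -->
```

With keystorePass left blank, the NTFS permissions on the PFX file are the only protection for the private key, so restrict read access to the account Tomcat runs as. Tomcat 8.0 reads the keystore when the connector starts, so it has to be restarted after each renewal to serve the new certificate.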