o7planning

Install a free Let's Encrypt SSL certificate for Tomcat Server on Ubuntu

  1. What is Let's Encrypt?
  2. Create a Let's Encrypt SSL certificate
  3. Install the Let's Encrypt SSL certificate for Tomcat

1. What is Let's Encrypt?

An SSL certificate for a website needs to be issued by a reputable organization that vouches that the site is safe, which is why you normally have to pay to buy a certificate from such an organization. Many reputable organizations around the world offer SSL certificates, such as Comodo, GeoTrust, ...
  • What is SSL, what is an SSL certificate?
Let's Encrypt is a free, automated SSL certificate provider that operates for the benefit of the community. It is managed by the Internet Security Research Group (ISRG).
Let's Encrypt provides SSL certificates of the Domain Validation type, i.e. after installation a green lock appears in the browser's address bar when users access your website.
Although Let's Encrypt SSL certificates are free, they are only valid for 3 months, so every 3 months you have to create the certificate again. This is very simple, so it does not cause you much trouble.
In this post, I am going to guide you through creating a free Let's Encrypt SSL certificate in a Linux & Tomcat Server environment.

2. Create a Let's Encrypt SSL certificate

Ensure that you have installed Tomcat successfully on Linux (Ubuntu Server, ...).
Deploy your application on Tomcat Server and make sure you can access it through your domain (e.g. yourdomain.com):
  • http://yourdomain.com
Install Certbot
Certbot is a small tool that helps you create the keys and signature of the SSL certificate, automatically registers with Let's Encrypt, and then downloads the Let's Encrypt certificate to the server for you. Everything is simple.
Ensure that Tomcat Server is shut down. Then open a Terminal window and execute the following commands:
sudo apt-get install software-properties-common

sudo add-apt-repository ppa:certbot/certbot

sudo apt-get update

sudo apt-get install certbot
After installing Certbot successfully, you can use this tool to create an SSL certificate for your domain:
# Example:
sudo certbot certonly --standalone -d yourdomain.com

# Example:
sudo certbot certonly --standalone -d devlayer.net
Certbot asks you to enter an email address, which Let's Encrypt uses to notify you when the certificate needs to be updated and to send security-related notices.
Agree to the Let's Encrypt terms.
Now a directory containing the SSL certificate information has been created on your server:
  • /etc/letsencrypt
  • /etc/letsencrypt/live/{yourdomain.com}

3. Install the Let's Encrypt SSL certificate for Tomcat

Use the following commands to set the owner of the certificate files:
cd /etc/letsencrypt/live/yourdomain.com

chown root:root *.pem
Next, copy the cert.pem, chain.pem and privkey.pem files created in the previous step to the {Tomcat}/conf directory:
cd /etc/letsencrypt/live/yourdomain.com

cp cert.pem /root/Apps/tomcat9/conf

cp chain.pem /root/Apps/tomcat9/conf

cp privkey.pem /root/Apps/tomcat9/conf
Open the server.xml file and add the following snippet:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
     maxThreads="150" SSLEnabled="true">

   <SSLHostConfig>
        <Certificate certificateFile="conf/cert.pem"
                            certificateKeyFile="conf/privkey.pem"
                            certificateChainFile="conf/chain.pem" />
   </SSLHostConfig>

</Connector>
Restart Tomcat Server and access your application over https:
  • https://yourdomain.com
  • https://yourdomain.com:8443
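The following shell function is an added example, not part of the original article: it checks the three PEM files copied into {Tomcat}/conf (all present, private key not readable by group or others, key matches certificate, certificate not close to expiry) before Tomcat is restarted. The function name check_tomcat_tls and the 30-day default threshold are assumptions, and the openssl command must be installed.

```shell
# Added example (hypothetical helper): check the PEM files in {Tomcat}/conf.
# Usage: check_tomcat_tls DIR [MIN_DAYS]; returns 0 only if all checks pass.
# Requires the openssl command-line tool.
check_tomcat_tls() {
    ctt_dir=$1
    ctt_days=${2:-30}   # assumed default: warn 30 days before expiry
    ctt_rc=0

    # 1. Every file named in the <Certificate> element must exist.
    for ctt_f in cert.pem chain.pem privkey.pem; do
        if [ ! -s "$ctt_dir/$ctt_f" ]; then
            echo "FAIL: $ctt_dir/$ctt_f is missing or empty"
            ctt_rc=1
        fi
    done
    [ "$ctt_rc" -eq 0 ] || return 1

    # 2. The private key must not be accessible to group or others.
    #    Characters 5-10 of the ls mode string are the group/other bits.
    ctt_bits=$(ls -ld "$ctt_dir/privkey.pem" | cut -c5-10)
    if [ "$ctt_bits" != "------" ]; then
        echo "FAIL: privkey.pem is accessible to group/others (use chmod 600)"
        ctt_rc=1
    fi

    # 3. The public key in cert.pem must be the one derived from privkey.pem.
    ctt_cert_pub=$(openssl x509 -in "$ctt_dir/cert.pem" -noout -pubkey 2>/dev/null)
    ctt_key_pub=$(openssl pkey -in "$ctt_dir/privkey.pem" -pubout 2>/dev/null)
    if [ -z "$ctt_cert_pub" ] || [ "$ctt_cert_pub" != "$ctt_key_pub" ]; then
        echo "FAIL: cert.pem and privkey.pem do not belong together"
        ctt_rc=1
    fi

    # 4. The certificate must remain valid for at least MIN_DAYS more days.
    if ! openssl x509 -in "$ctt_dir/cert.pem" -noout \
            -checkend $((ctt_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: cert.pem expires within $ctt_days days (or is unreadable)"
        ctt_rc=1
    fi

    [ "$ctt_rc" -eq 0 ] && echo "OK: $ctt_dir"
    return "$ctt_rc"
}
```

Run it as `check_tomcat_tls /root/Apps/tomcat9/conf` after the copy step, and again each time the certificate is re-created and re-copied.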