How to Install Let’s Encrypt SSL with Tomcat

How to Install Let’s Encrypt SSL with Tomcat

Security first should be the thumb rule for any organization to secure your hard working code from hackers. It becomes more important while travelling application data over public network. For this situation, we need to implement end-to-end encryption using TLS.

Let’s Encrypt is an certificate authority provides valid SSL certificates to be used for web application. It provides certificate freely for everyone with some restrictions.

This tutorial describe you to how to setup Let’s Encrypt SSL with Tomcat web server.

Prerequisites

This tutorial doesn’t cover Tomcat installation. We are assuming that, you already have Tomcat server running on your system.

Step 1 – Install certbot

Certbot is an command line utility to generate and manage Let’s encrypt SSL certificates. Which is available for most of the operating systems.

Debian users can install certbot by running the following command. Other operating system users can install it from here.

sudo apt-get install certbot 

Next create the SSL certificate for your domain. Make sure the domain DNS is pointed to your system. For this tutorial, I am using tomcat.tecadmin.net subdomain.

certbot certonly --standalone -d tomcat.tecadmin.net 

On successful, you will have ssl certificate for your domain at below location:

ls /etc/letsencrypt/live/tomcat.tecadmin.net/ 

cert.pem  chain.pem  fullchain.pem  privkey.pem  README

These are all the files you need for SSL certificate setup.

Step 2 – Configure Tomcat with Let’s Encrypt

Next, configure your Tomcat server to listen on secure protocol. Default tomcat uses 8443 to listen for SSL/TLS requests.

Copy SSL certificate’s and private key files under /opt/tomcat/conf directory:

cd /etc/letsencrypt/live/tomcat.tecadmin.net 
cp {cert,chain,privkey}.pem /opt/tomcat/conf/ 

Then edit the conf/server.conf file available under Tomcat home directory. In may case Tomcat is installed under /opt/tomcat, So using below command to edit configuration file.

nano /opt/tomcat/conf/server.conf 

Remove to uncomment the following section in configuration file. Also add the certificate section with your certificate files. The configuration will be look like:

    
        
            
        
    

Save your file and close it.

Restart the Tomcat service to application changes.

sudo systemctl restart tomcat 

That’s it. You have configured Let’s Encrypt SSL with Tomcat.

Next step is to verify setup.

Step 3 – Verify Tomcat SSL Certificate

Default tomcat with SSL listen on 8443 port. Use your domain with 8443 port to access Tomcat over secure socket layer.

  • https://tomcat.tecadmin.net:8443

Setup lets encrypt ssl with tomcat

That’s it. You have successfully configured Let’s Encrypt SSL with Tomcat.

Step 4 – Renew SSL Certificate

The default Let’s Encrypt SSL certificates expire after 90 days. You can easily refresh SSL certificate anytime within 1 month of expiration.

Type below command to refresh SSL certificate.

certbot certonly --standalone -d tomcat.tecadmin.net 

Once successfully renewed. Copy the newly generated certificate files to the Tomcat conf directory.

cd /etc/letsencrypt/live/tomcat.tecadmin.net 
cp {cert,chain,privkey}.pem /opt/tomcat/conf 

Restart the Tomcat service to application changes.

sudo systemctl restart tomcat 

Conclusion

In this tutorial, You have learned to setup Let’s Encrypt SSL certificate with Tomcat web server.

The post How to Install Let’s Encrypt SSL with Tomcat appeared first on TecAdmin.

General Articles lets encrypt SSL TecAdmin Tomcat