How to configure HTTPS for Apache and Tomcat Free Certificate?

Given:

A VPS on Ubuntu, running Apache (for the front end) and Tomcat (for the API). There is a domain, and everything works over HTTP.

Task:

Configure HTTPS Access.

Problem:

I do not want to pay for the certificate.

Question:

How to get a free certificate and configure everything?


Answer 1, Authority 100%

  1. You must have root access to the server via ssh.
  2. Install the program certbot. It is open source and lets you automatically generate, install and renew an SSL certificate for Apache

    (instructions from the program's site, for Apache and Ubuntu 18.04; there are instructions for other programs and operating systems as well):

    sudo apt-get update
    sudo apt-get install software-properties-common
    sudo add-apt-repository universe
    sudo add-apt-repository ppa:certbot/certbot
    sudo apt-get update
    sudo apt-get install certbot python-certbot-apache
    
  3. Run it for Apache

    sudo certbot --apache
    

    A program will start which, in a few steps, configures everything, generating the certificate files and writing them into the Apache configuration. At the end it tells you where the generated certificate files are stored. The program also adds a cron task that checks the certificate's expiry (90 days) and renews it automatically (new files will be generated and the configuration updated (probably)).

  4. For Tomcat it is more complicated. I did not find instructions for automatic configuration, so we will do it manually.

    Ubuntu 18 instructions:

    1. Copy the private key, certificate and chain files (privkey, cert, chain; all with the pem extension) to the home folder of the user that runs Tomcat, and give that user permissions on these files.
    2. In the Tomcat configuration (server.xml), write the paths to the files like this:

      <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
        maxThreads="150" SSLEnabled="true">
          <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
          <SSLHostConfig>
            <Certificate certificateKeyFile="${user.home}/privkey.pem"
             certificateFile="${user.home}/cert.pem"
             certificateChainFile="${user.home}/chain.pem"
             type="RSA" />
          </SSLHostConfig>
      </Connector>
      
    3. Restart Tomcat.

    Instructions for Debian 8:

    1. Copy the private key, certificate and chain files (privkey, cert, chain; all with the pem extension) to the home folder of the user that runs Tomcat, and give that user permissions on these files.
    2. Create a PFX file. It is needed because, for some unknown reason, Tomcat does not want to accept PEM files in this case, because of some native lib which I could not set up, because the instructions, as always, are for pros and an ordinary person will not figure them out.

      openssl pkcs12 -export -out bundle.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:password
      
    3. In the Tomcat configuration (server.xml), write the paths to the files like this:

      <Connector
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        port="8443"
        maxThreads="200"
        scheme="https"
        secure="true"
        SSLEnabled="true"
        keystoreFile="${user.home}/bundle.pfx"
        keystorePass="password"
        clientAuth="false"
        sslProtocol="TLS"
        keystoreType="PKCS12" />
      

Information taken from here
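
Added example, not part of the original answer: the manual Tomcat steps copy the certificate files once, so the copies go stale when certbot renews the certificate before its 90-day expiry. The script below is a certbot deploy hook that repeats the copy (and, optionally, the PFX export) after each renewal. The account name, home folder, service name and the `PFX_PASS_FILE` variable are assumptions to adjust.

```shell
#!/bin/sh
# Added example: certbot deploy hook that refreshes Tomcat's copies of the
# certificate after each renewal. User, paths and service name are assumptions.
set -eu

TOMCAT_USER="${TOMCAT_USER:-tomcat}"        # assumed account that runs Tomcat
TOMCAT_HOME="${TOMCAT_HOME:-/home/tomcat}"  # assumed home folder of that account
TOMCAT_SERVICE="${TOMCAT_SERVICE:-tomcat}"  # assumed service name

# Copy privkey/cert/chain from a certbot lineage directory into dst.
# All three must exist before anything is overwritten; copies get mode 600
# so that only the owning account can read the private key.
copy_cert_files() {
    src=$1 dst=$2 owner=${3:-}
    for f in privkey.pem cert.pem chain.pem; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 1; }
    done
    for f in privkey.pem cert.pem chain.pem; do
        install -m 600 "$src/$f" "$dst/$f"
        if [ -n "$owner" ]; then chown "$owner" "$dst/$f"; fi
    done
}

# Rebuild bundle.pfx (Debian 8 variant). The password is read from a file
# instead of the command line, so it does not show up in the process list.
build_pfx() {
    dir=$1 passfile=$2
    ( umask 077
      openssl pkcs12 -export -out "$dir/bundle.pfx.new" \
          -inkey "$dir/privkey.pem" -in "$dir/cert.pem" \
          -certfile "$dir/chain.pem" -password "file:$passfile" )
    mv "$dir/bundle.pfx.new" "$dir/bundle.pfx"
}

# certbot sets RENEWED_LINEAGE (the live/<domain> directory) when it runs
# deploy hooks; without it the script only defines the functions.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    copy_cert_files "$RENEWED_LINEAGE" "$TOMCAT_HOME" "$TOMCAT_USER"
    if [ -n "${PFX_PASS_FILE:-}" ]; then
        build_pfx "$TOMCAT_HOME" "$PFX_PASS_FILE"
        chown "$TOMCAT_USER" "$TOMCAT_HOME/bundle.pfx"
    fi
    systemctl restart "$TOMCAT_SERVICE"
fi
```

Saved as an executable file in `/etc/letsencrypt/renewal-hooks/deploy/`, or passed to `certbot renew --deploy-hook`, it runs only after a successful renewal.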
