Security first should be the rule of thumb for any organization that wants to protect its hard-won code from attackers. It becomes even more important when application data travels over a public network. For this situation, we need to implement end-to-end encryption using TLS.

Let’s Encrypt is a certificate authority that provides valid SSL certificates for web applications. It issues certificates free of charge to everyone, with some restrictions.

This tutorial describes how to set up Let’s Encrypt SSL with the Tomcat web server.

Prerequisites

This tutorial doesn’t cover Tomcat installation. We assume that you already have a Tomcat server running on your system.

Step 1 – Install certbot

Certbot is a command-line utility for generating and managing Let’s Encrypt SSL certificates. It is available for most operating systems.

Debian users can install certbot by running the following command. Other operating system users can install it from here.

sudo apt-get install certbot 

Next, create the SSL certificate for your domain. Make sure the domain’s DNS record points to your system. For this tutorial, I am using the tomcat.tecadmin.net subdomain.

certbot certonly --standalone -d tomcat.tecadmin.net 

On success, you will have the SSL certificate files for your domain at the location below:

ls /etc/letsencrypt/live/tomcat.tecadmin.net/ 

cert.pem  chain.pem  fullchain.pem  privkey.pem  README

These are all the files you need for SSL certificate setup.

Step 2 – Configure Tomcat with Let’s Encrypt

Next, configure your Tomcat server to listen on a secure protocol. By default, Tomcat uses port 8443 to listen for SSL/TLS requests.

Copy the SSL certificate and private key files to the /opt/tomcat/conf directory:

cd /etc/letsencrypt/live/tomcat.tecadmin.net 
cp {cert,chain,privkey}.pem /opt/tomcat/conf/ 

Then edit the conf/server.xml file under the Tomcat home directory. In my case Tomcat is installed under /opt/tomcat, so I use the command below to edit the configuration file.

nano /opt/tomcat/conf/server.xml

Remove the <!-- and --> comment markers to uncomment the following section in the configuration file. Also add the certificate section with your certificate files. The configuration will look like:
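
As an added example (not the original page's listing), a Connector definition consistent with the steps above. It assumes Tomcat 8.5 or later, where SSLHostConfig is available, and the three PEM files copied into /opt/tomcat/conf; the protocol class and maxThreads value are assumptions taken from Tomcat's stock connector template.

```xml
<!-- Added example: HTTPS connector on Tomcat's default TLS port.
     protocol and maxThreads are assumed values from the stock template. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <!-- Relative paths resolve against the Tomcat base directory
             (/opt/tomcat in this tutorial). -->
        <Certificate certificateFile="conf/cert.pem"
                     certificateKeyFile="conf/privkey.pem"
                     certificateChainFile="conf/chain.pem" />
    </SSLHostConfig>
</Connector>
```

Because privkey.pem now sits in /opt/tomcat/conf, make it readable only by the account that runs Tomcat.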

    
        
            
        
    

Save your file and close it.

Restart the Tomcat service to apply the changes.

sudo systemctl restart tomcat 

That’s it. You have configured Let’s Encrypt SSL with Tomcat.

The next step is to verify the setup.

Step 3 – Verify Tomcat SSL Certificate

By default, Tomcat with SSL listens on port 8443. Use your domain with port 8443 to access Tomcat over a secure socket layer.

  • https://tomcat.tecadmin.net:8443


That’s it. You have successfully configured Let’s Encrypt SSL with Tomcat.

Step 4 – Renew SSL Certificate

By default, Let’s Encrypt SSL certificates expire after 90 days. You can easily renew the SSL certificate anytime within 1 month of expiration.

Run the command below to renew the SSL certificate.

certbot certonly --standalone -d tomcat.tecadmin.net 

Once the certificate has been renewed successfully, copy the newly generated certificate files to the Tomcat conf directory.

cd /etc/letsencrypt/live/tomcat.tecadmin.net 
cp {cert,chain,privkey}.pem /opt/tomcat/conf 

Restart the Tomcat service to apply the changes.

sudo systemctl restart tomcat 

Conclusion

In this tutorial, you have learned how to set up a Let’s Encrypt SSL certificate with the Tomcat web server.