More Related Content
Similar to Setting Up a Cloud Server - Part 4.pdf (20)
More from ShaiAlmog1 (20)
Setting Up a Cloud Server - Part 4.pdf
- 6. Lets Encrypt
✦ Normally certificate authorities work by verifying who
you are via phone, Duns Number etc.
✦ Lets encrypt allows anyone to prove they own a
domain and get a 90 day certificate
✦ 90 Days is painfully short but since the process is
automated & free the assumption is you won’t notice
✦ JDK 8u101 added Lets Encrypt, if you have an older
version you will need to upgrade or you will get an
exception…
© Codename One 2017 all rights reserved
- 7. Lets Encrypt - On Spring Boot
✦Sucks…
✦Spring Boot makes a lot of things seamless but
doesn’t do it for Lets Encrypt
✦This might change in the future but this is what I
had to do to get it to work…
© Codename One 2017 all rights reserved
- 9. #yum -y install yum-utils
Commands
✦Install additional utilities to fetch lets encrypt tool
© Codename One 2017 all rights reserved
- 13. #certbot certonly --standalone -d
build.majimob.com -d build.majimob.com
--tls-sni-01-port 8443 --http-01-port
8080
Commands
✦Runs a server and verifies your domain against lets
encrypt then generates the certificate into place
✦Replace build.majimob.com with your domain
✦Notice the ports argument so it will work with the IP
Tables change
© Codename One 2017 all rights reserved
- 14. openssl pkcs12 -export -in /etc/letsencrypt/live/
build.majimob.com/fullchain.pem -inkey /etc/
letsencrypt/live/build.majimob.com/privkey.pem -out
/home/builder/keystore.p12 -name tomcat -CAfile
/etc/letsencrypt/live/build.majimob.com/chain.pem
-caname root
Commands
✦Converts the certificate to the keystore format used
by Java
✦Notice the paths include the majimob domain so you
will need to fix those…
© Codename One 2017 all rights reserved