Friday, September 21, 2018

Updating Let's Encrypt Certificate for SirsiDynix Horizon Web Services

How to update the a Letsencrypt Certificate on Apache Tomcat for SirsiDynix Horizon Web Services.  If you went though my post on Adding Let's Encrypt TLS Certificate to SirsiDynix Horizon Web Serivces Tomcat Server you will like this post.  It takes about 10 to 20 minutes to do and is pretty quick for having to do a manual update.


There are a couple of things that you will want to have handy to make this process sing.
  • Logged in to The windows Apache Tomcat server with a view of the desktop 
  • Access to the Lets Encrypt Key and CSR 
  • Logged into your DNS Provider 
  • Passwords required for your tomcat keystore

Environmental Variable Verification:



Keystore Details

Alias: KeystoreAlias FileName: $KeystoreFileName Password $KeystorePassword!


From your windows server running Apache Tomcat go to zerossl.com



Put in the email you have setup your tomcat server account, you will also need your account key and domain CSR.




Select DNS Verfication, Accept TOS, Accept SA and hit next.

This will take you to the DNS ACME-Challenge page. You will need to copy and paste the challenge and update the challenge in the TXT field in our Zoneedit account under the _acme-challenge.$yourdomain value.




Once Verified it will allow you to download your new domain and intermediate cert.

Save the downloaded file to the documents folder. Then open it up in sublime text edit and split the certs appart. The top certificate one is the domain cert which we need the other is the intermediate certificate. Save them in the following format. Copy and paste them into

Domain-cert-renewal-$TodaysDate.crt
Intermediate-cert-renewal-$TodaysDate.crt

Copy and paste the files into the apache tomcat directory. C:\Program Files\tomcatserver

Run CMD as Administrator and go to cd “C:\Program Files\tomcatserver” this will make things easier.

Type in “$JAVA_VAR”\keytool -import -alias $yourkeystorealias -trustcacerts -file domain-cert-renewal-20180919.crt -keystore $yourkeystorefilename

Then it will prompt you for a password:

Enter the password for the keystore.

Then it will ask you for a new password. You can continue to use the one that you have, so if you change it update the documentation!

You will get a warning about PKCS12 you can ignore it but that is it your done. Your SSL Cert is updated. Restart your apache tomcat server for the certificate updates to take effect.




If you want to verify the certificate there is a java program loaded called Portecle
http://portecle.sourceforge.net/




Once the Program is open you can open the keystore file by going File -> Open Keystore File -> “C:\Program Files\$pathtotomcatdirectory” or by Opening the file from the drop down as shown below.





You will then be prompted for the Keystore Password: $KeystorePassword!
Once that is done you can see the certificates in the keystore as shown below.



Hyper-V Cluster Node Keeps Randomly Going Down

Over the last few weeks I had an issue with a Hyper-V Cluster node randomly going down causing issues with my Hyper-V cluster. Looking at th...