How to update a Let's Encrypt certificate on Apache Tomcat for SirsiDynix Horizon Web Services. If you went through my post on Adding Let's Encrypt TLS Certificate to SirsiDynix Horizon Web Services Tomcat Server, you will like this post. The process takes about 10 to 20 minutes, which is pretty quick for a manual update.
There are a couple of things that you will want to have handy to make this process sing.
- Logged in to the Windows Apache Tomcat server with a view of the desktop
- Access to the Let's Encrypt key and CSR
- Logged into your DNS provider
- Passwords required for your Tomcat keystore
Environmental Variable Verification:
Keystore Details
- Alias: KeystoreAlias
- FileName: $KeystoreFileName
- Password: $KeystorePassword!
From your Windows server running Apache Tomcat, go to zerossl.com.
Enter the email address you used to set up the account for your Tomcat server. You will also need your account key and domain CSR.
Select DNS Verification, Accept TOS, Accept SA and hit Next.
This will take you to the DNS ACME-Challenge page. Copy the challenge and paste it into the TXT field in our Zoneedit account under the _acme-challenge.$yourdomain value.
Once verified, it will allow you to download your new domain and intermediate certificates.
Save the downloaded file to the Documents folder. Then open it in Sublime Text and split the certs apart. The top certificate is the domain cert, which we need; the other is the intermediate certificate. Copy and paste each one into its own file, named in the following format:
Domain-cert-renewal-$TodaysDate.crt
Intermediate-cert-renewal-$TodaysDate.crt
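The split can also be scripted. The PowerShell below is an added example, not part of the original post; it assumes the download was saved as downloaded-bundle.crt in the Documents folder (a hypothetical name), and the function name Get-PemCertificates is made up here. It goes one step further than the manual split by refusing to write the files unless the first certificate is a leaf, the second is a CA, and the second issued the first.

```powershell
# Added example: split the downloaded bundle into the two files named above.
# Assumptions: the bundle file name and the output folder (Documents).
$Docs       = [Environment]::GetFolderPath('MyDocuments')
$BundlePath = Join-Path $Docs 'downloaded-bundle.crt'   # hypothetical file name
$Stamp      = Get-Date -Format 'yyyyMMdd'               # e.g. 20180919

function Get-PemCertificates {
    param([Parameter(Mandatory)][string]$PemText)
    $pattern = '-----BEGIN CERTIFICATE-----([A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----'
    foreach ($m in [regex]::Matches($PemText, $pattern)) {
        # Decode the base64 body and parse it so we can inspect the certificate.
        $der  = [Convert]::FromBase64String(($m.Groups[1].Value -replace '\s', ''))
        $cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$der)
        $bc   = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
        }
        [pscustomobject]@{
            Pem      = $m.Value
            Subject  = $cert.Subject
            Issuer   = $cert.Issuer
            NotAfter = $cert.NotAfter
            IsCA     = [bool]($bc -and $bc.CertificateAuthority)
        }
    }
}

$certs = @(Get-PemCertificates -PemText (Get-Content -Path $BundlePath -Raw))
if ($certs.Count -ne 2) {
    throw "Expected 2 certificates in the bundle, found $($certs.Count)."
}
$domain, $intermediate = $certs[0], $certs[1]

# The domain (leaf) cert must come first and must not be a CA certificate.
if ($domain.IsCA -or -not $intermediate.IsCA) {
    throw 'Unexpected order: the first certificate should be the domain cert.'
}
# Simple string comparison of the distinguished names.
if ($domain.Issuer -ne $intermediate.Subject) {
    throw 'The second certificate is not the issuer of the domain certificate.'
}

Set-Content -Path (Join-Path $Docs "Domain-cert-renewal-${Stamp}.crt") -Value $domain.Pem -Encoding Ascii
Set-Content -Path (Join-Path $Docs "Intermediate-cert-renewal-${Stamp}.crt") -Value $intermediate.Pem -Encoding Ascii

# Show what was written so the subject and expiry date can be checked by eye.
$certs | Format-List Subject, Issuer, NotAfter, IsCA
```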
Copy and paste the files into the Apache Tomcat directory: C:\Program Files\tomcatserver
Run CMD as Administrator and change to the Tomcat directory with cd "C:\Program Files\tomcatserver"; this will make things easier.
Type in "$JAVA_VAR"\keytool -import -alias $yourkeystorealias -trustcacerts -file domain-cert-renewal-20180919.crt -keystore $yourkeystorefilename
Then it will prompt you for a password:
Enter the password for the keystore.
Then it will ask you for a new password. You can continue to use the one that you have; if you change it, update the documentation!
You will get a warning about PKCS12; you can ignore it. That is it, you're done. Your SSL cert is updated. Restart your Apache Tomcat server for the certificate updates to take effect.
If you want to verify the certificate, there is a Java program loaded called Portecle:
http://portecle.sourceforge.net/
Once the program is open, you can open the keystore file by going to File -> Open Keystore File -> "C:\Program Files\$pathtotomcatdirectory" or by opening the file from the drop-down as shown below.
You will then be prompted for the Keystore Password: $KeystorePassword!
Once that is done you can see the certificates in the keystore as shown below.