HTTPS for Tomcat 7 with Let’s Encrypt

This setup for HTTPS on Tomcat 7 with Let’s Encrypt also works with Apache mod_proxy.

To generate a certificate using Let’s Encrypt, follow this post. Once the certificate has been issued with the official Let’s Encrypt client, you will find that the client created a directory for you: /etc/letsencrypt. In this directory you will find the path live/yourDomain, which contains symbolic links to the latest version of each corresponding file in /etc/letsencrypt/archive/yourDomain.

Copy the fullchain.pem and privkey.pem to a different folder or your home folder using the following command.

Now you need to create a JKS file from the above two files. First, run the following in the terminal to bundle them into a PKCS12 keystore.

You will be asked to provide a password (called yourPKCS12pass in the following).

Next, now that we have generated our PKCS12 keystore above, we can use Java’s keytool to generate a JKS from the PKCS12 file. To do so, run the following.

This will give you a file called MyDSKeyStore.jks. Now you are ready to configure Tomcat for HTTPS.
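The copy, PKCS12 and JKS steps above can be collected into one script. This is an added example, not the commands from the original post; the KEYSTORE_PASS variable (standing in for yourPKCS12pass and reused for the JKS), the `tomcat` alias, the intermediate file name keystore.p12 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: build MyDSKeyStore.jks from Let's Encrypt PEM files.
# Assumptions (not from the original page): the KEYSTORE_PASS variable,
# the "tomcat" alias, keystore.p12, and the function names below.
set -eu
umask 077   # every file created below is readable by its owner only

# Fail early if the certificate and the private key do not belong together.
cert_matches_key() {   # $1 = fullchain.pem, $2 = privkey.pem
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)   # leaf cert is first
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Bundle chain and key into a PKCS12 keystore. The password is read from
# the environment so it does not show up in the process list.
pem_to_pkcs12() {      # $1 = fullchain.pem, $2 = privkey.pem, $3 = output .p12
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
        -name tomcat -passout env:KEYSTORE_PASS
}

# Convert the PKCS12 keystore into a JKS protected by the same password.
pkcs12_to_jks() {      # $1 = input .p12, $2 = output .jks
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env KEYSTORE_PASS \
        -destkeystore "$2" -deststoretype JKS -deststorepass:env KEYSTORE_PASS
}

main() {               # $1 = yourDomain, $2 = working directory
    live="/etc/letsencrypt/live/$1"
    mkdir -p "$2"
    # cp follows the symlinks in live/ and copies the current files.
    cp "$live/fullchain.pem" "$live/privkey.pem" "$2/"
    cert_matches_key "$2/fullchain.pem" "$2/privkey.pem" || {
        echo "certificate and key do not match" >&2; return 1; }
    pem_to_pkcs12 "$2/fullchain.pem" "$2/privkey.pem" "$2/keystore.p12"
    pkcs12_to_jks "$2/keystore.p12" "$2/MyDSKeyStore.jks"
    # Remove the unencrypted key copy and the intermediate keystore.
    rm -f "$2/privkey.pem" "$2/keystore.p12"
}

# Runs only when called with arguments, for example:
#   KEYSTORE_PASS=... sh make-jks.sh yourDomain /path/to/workdir
if [ "$#" -gt 0 ]; then main "$@"; fi
```

If an older JDK's keytool rejects the PKCS12 file written by OpenSSL 3, the `-legacy` option of `openssl pkcs12` produces the older encryption format.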

The final step is to configure Tomcat to use HTTPS:
To configure Tomcat’s HTTPS connector, you’ll need to edit server.xml under the $CATALINA_BASE/conf/ directory.

Open the file using your favorite text editor and search for the line beginning with

Using the information and the key you added above, change it to

Now restart Tomcat and open https://yourDomain:8443 to check the SSL encryption.