Request a Let's Encrypt SSL certificate and deploy it to Tomcat; the system is CentOS 7.
Install certbot. certbot is the client used to request Let's Encrypt certificates.
yum -y install epel-release; yum -y install certbot
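Obtain the certificate manually (domain ownership is verified by adding a TXT record at your DNS provider; during the process you will be asked to add the TXT record)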
certbot -d sub.yourdomainname.com --manual --preferred-challenges dns certonly
When the following prompt appears, add the TXT record at your DNS provider
Please deploy a DNS TXT record under the name
_acme-challenge.sub.yourdomainname.com with the following value:
667drNmQL3vX6bu8YZlgy0wKNBlCny8yrjF1lSaUndc
Once this is deployed,
Press ENTER to continue
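Convert to PKCS#12 format (the alias given with -name must be the same one passed to keytool with -alias in the next step)
openssl pkcs12 -export -name myservercert -in cert-chain.crt -inkey privkey.key -out keystore.p12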
Convert to a Tomcat keystore
keytool -importkeystore -destkeystore mykeystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias myservercert
Verify
keytool -list -v -keystore mykeystore.jks
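The conversion steps above, wrapped with pre-flight checks, as an added example that is not part of the original page: it confirms the private key belongs to the certificate and that the chain file carries an intermediate before running the same openssl and keytool commands, and creates the keystore files owner-only. The function names are hypothetical; the file names and alias are the ones used in the commands above (with certbot defaults the inputs are normally fullchain.pem and privkey.pem under /etc/letsencrypt/live/<domain>/).

```bash
#!/bin/sh
# Added example: pre-flight checks before packaging the key pair for Tomcat.
# Function names are hypothetical; file names and alias follow this page.

# Succeeds only if the first certificate in $1 carries the public key of $2.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Prints how many PEM certificates the file holds (leaf + intermediates).
chain_length() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# Runs the two conversion commands from this page once the checks pass.
# Both tools prompt for the keystore passwords, as they do when typed by hand.
build_keystore() {
    cert=$1; key=$2; key_alias=$3
    if ! cert_matches_key "$cert" "$key"; then
        echo "error: $key is not the private key for $cert" >&2
        return 1
    fi
    # Without the intermediate, clients may fail to build the trust path.
    if ! [ "$(chain_length "$cert")" -ge 2 ] 2>/dev/null; then
        echo "error: $cert has no intermediate certificate" >&2
        return 1
    fi
    (
        umask 077   # both output files contain the private key: owner-only
        openssl pkcs12 -export -name "$key_alias" -in "$cert" -inkey "$key" \
            -out keystore.p12 &&
        keytool -importkeystore -destkeystore mykeystore.jks \
            -srckeystore keystore.p12 -srcstoretype pkcs12 -alias "$key_alias"
    )
}

# Usage: sh build_keystore.sh cert-chain.crt privkey.key myservercert
if [ "$#" -eq 3 ]; then build_keystore "$@"; fi
```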