Jul 18, 2017

How to install a free Let's Encrypt SSL certificate on a GlassFish server on Amazon EC2

Visit certbot and follow the instructions below to set up your system.

$ sudo ./path/to/certbot-auto certonly --debug

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2



1: Enter a new webroot
-------------------------------------------------------------------------------

Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
Input the webroot for demo.i88.ca: (Enter 'c' to cancel): /opt/glassfish3/glassfish/domains/domain1/docroot

Select the webroot for dev.i88.ca:
-------------------------------------------------------------------------------
1: Enter a new webroot
2: /opt/glassfish3/glassfish/domains/domain1/docroot
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/demo.i88.ca/fullchain.pem.
   Your cert will expire on 2017-10-16. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le


Automate importing the certificate into GlassFish

For further reading:
https://community.letsencrypt.org/t/importing-letsencrypt-into-java-and-glassfish/9711
Now we import the certificates. Create the following script, save it as letsencrypt-gf.sh to automate the process, then run it with the command
$ bash letsencrypt-gf.sh

#!/bin/sh

DOMAIN=yoursite.com
# Note that changeit is the default keystore password; it must match the GlassFish master password
KEYSTOREPW=changeit
GFDOMAIN=/home/yourUsername/glassfish4/glassfish/domains/domain1
LIVE=/etc/letsencrypt/live/$DOMAIN

# Build the new keystore in a scratch directory
mkdir etc
cd etc

# Bundle the certificate and private key as PKCS12, then import the bundle into a new JKS keystore
sudo openssl pkcs12 -export -in "$LIVE/cert.pem" -inkey "$LIVE/privkey.pem" -out cert_and_key.p12 -name myalias -CAfile "$LIVE/chain.pem" -caname root -password "pass:$KEYSTOREPW"
sudo keytool -importkeystore -destkeystore keystore.jks -srckeystore cert_and_key.p12 -srcstoretype PKCS12 -alias myalias -srcstorepass "$KEYSTOREPW" -deststorepass "$KEYSTOREPW" -destkeypass "$KEYSTOREPW"
# Add the chain as a trusted entry; -import takes -storepass (the src/dest password options only exist for -importkeystore)
sudo keytool -import -noprompt -trustcacerts -alias root -file "$LIVE/chain.pem" -keystore keystore.jks -storepass "$KEYSTOREPW"

# Import the full chain and key again under the aliases GlassFish uses by default (glassfish-instance and s1as)
sudo openssl pkcs12 -export -in "$LIVE/fullchain.pem" -inkey "$LIVE/privkey.pem" -out pkcs.p12 -name glassfish-instance -password "pass:$KEYSTOREPW"
sudo keytool -importkeystore -destkeystore keystore.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -alias glassfish-instance -srcstorepass "$KEYSTOREPW" -deststorepass "$KEYSTOREPW" -destkeypass "$KEYSTOREPW"
sudo openssl pkcs12 -export -in "$LIVE/fullchain.pem" -inkey "$LIVE/privkey.pem" -out pkcs.p12 -name s1as -password "pass:$KEYSTOREPW"
sudo keytool -importkeystore -destkeystore keystore.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -alias s1as -srcstorepass "$KEYSTOREPW" -deststorepass "$KEYSTOREPW" -destkeypass "$KEYSTOREPW"

# List the entries so you can confirm that myalias, root, glassfish-instance and s1as are present
sudo keytool -list -keystore keystore.jks -storepass "$KEYSTOREPW"

# Replace the keystore of the GlassFish domain
sudo cp -f keystore.jks "$GFDOMAIN/config/"

# Restart GlassFish so it loads the new keystore
sudo service glassfish stop
sudo service glassfish start

# Remove the scratch directory, which holds copies of the private key
cd ..
sudo rm -rf etc


Restart glassfish
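
After "certbot-auto renew" replaces the files under /etc/letsencrypt/live, the keystore GlassFish serves from still holds the old certificate until the import script runs again. The check below is an added example, not part of the original post: it compares the SHA-256 fingerprint of the live cert.pem with the certificate stored under the s1as alias. The file name check-gf-cert.sh is hypothetical, and the domain, paths and password are the placeholders from the script above.

```shell
#!/bin/sh
# Added example, not from the original post. DOMAIN, GFDOMAIN, KEYSTOREPW and
# the s1as alias are assumed to match letsencrypt-gf.sh; adjust as needed.

# Reduce "openssl x509 -fingerprint" output to bare upper-case hex. The label
# before "=" varies in case between OpenSSL versions, so it is stripped.
normalize_fp() {
    printf '%s\n' "$1" | sed 's/^.*=//' | tr -d ': \r' | tr 'abcdef' 'ABCDEF'
}

# SHA-256 fingerprint of the first certificate in a PEM stream on stdin.
pem_fp() {
    out=$(openssl x509 -noout -fingerprint -sha256) || return 1
    normalize_fp "$out"
}

# Fingerprint of the leaf certificate stored under an alias in a keystore.
keystore_fp() {  # keystore_fp <keystore> <alias> <storepass>
    keytool -exportcert -rfc -keystore "$1" -alias "$2" -storepass "$3" | pem_fp
}

# True when both fingerprints are non-empty and identical after normalizing.
same_cert() {
    [ -n "$1" ] && [ "$(normalize_fp "$1")" = "$(normalize_fp "$2")" ]
}

# True (re-import needed) unless the keystore provably holds the live cert.
reimport_needed() {  # reimport_needed <cert.pem> <keystore> <alias> <storepass>
    live=$(pem_fp < "$1") || return 0
    stored=$(keystore_fp "$2" "$3" "$4") || return 0
    ! same_cert "$live" "$stored"
}

# Runs only when invoked as: sh check-gf-cert.sh --check
if [ "${1:-}" = "--check" ]; then
    DOMAIN=yoursite.com
    KEYSTOREPW=changeit
    GFDOMAIN=/home/yourUsername/glassfish4/glassfish/domains/domain1
    if reimport_needed "/etc/letsencrypt/live/$DOMAIN/cert.pem" \
                       "$GFDOMAIN/config/keystore.jks" s1as "$KEYSTOREPW"; then
        echo "keystore is stale: run letsencrypt-gf.sh"
    else
        echo "keystore matches the live certificate"
    fi
fi
```

Run it with sudo so it can read /etc/letsencrypt/live. Any failure to read either certificate is reported as stale, so a missing or unreadable keystore is never mistaken for an up-to-date one.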