@Eng-Fouad
Last active August 25, 2017 12:58
Importing Let's Encrypt SSL certificates into WebSphere Liberty server
  1. After creating the server (i.e. `/opt/wlp/bin/server create`), create the security directory:

    ```bash
    cd /opt/wlp/usr/servers/defaultServer/
    mkdir resources
    mkdir resources/security
    # key.p12 and key.jks from the next steps are written here
    cd resources/security
    ```

  2. Export your certificates into a PKCS12 keystore (replace fouad.io with your own domain name):

    ```bash
    sudo openssl pkcs12 -export -out key.p12 -in /etc/letsencrypt/live/fouad.io/fullchain.pem -name default -inkey /etc/letsencrypt/live/fouad.io/privkey.pem -password pass:123456
    ```

  3. Convert the PKCS12 keystore into a Java keystore (JKS), using the same password for both the Java keystore and the key (assuming it is pass@key999):

    ```bash
    keytool -importkeystore -deststorepass pass@key999 -destkeypass pass@key999 -destkeystore key.jks -srckeystore key.p12 -srcstoretype PKCS12 -srcstorepass 123456 -alias default
    ```

  4. Delete key.p12:

    ```bash
    rm /opt/wlp/usr/servers/defaultServer/resources/security/key.p12
    ```

  5. Encode the password with securityUtility:

    ```bash
    /opt/wlp/bin/securityUtility encode pass@key999
    ```

    This will result in something like `{xor}Lz4sLB80OiZmZmY=`.

  6. Update server.xml with the keystore information:

    ```bash
    nano /opt/wlp/usr/servers/defaultServer/server.xml
    ```

    Add the following inside the `<server>` tag:

    ```xml
    <keyStore id="defaultKeyStore"
              type="JKS" password="{xor}Lz4sLB80OiZmZmY="
              pollingRate="5s"
              updateTrigger="polled" />
    ```

  7. Restart/start the server:

    ```bash
    /opt/wlp/bin/server stop
    /opt/wlp/bin/server start
    ```
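
The `{xor}` value produced by the `securityUtility encode` step is an encoding, not encryption. The following example, added here and not part of the original gist, decodes the page's own sample value back to `pass@key999` and audits a constructed `server.xml` for keystore passwords that can be recovered with nothing more than read access to the file. The `exampleAesStore` entry and its placeholder value are hypothetical.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <keyStore> element from this page inside a minimal
# <server>, plus a hypothetical second entry with a placeholder {aes} value.
SAMPLE_SERVER_XML = """<server>
  <keyStore id="defaultKeyStore" type="JKS"
            password="{xor}Lz4sLB80OiZmZmY="
            pollingRate="5s" updateTrigger="polled" />
  <keyStore id="exampleAesStore" type="JKS"
            password="{aes}PLACEHOLDER-NOT-A-REAL-VALUE" />
</server>"""

XOR_KEY = 0x5F  # ASCII "_"; a fixed constant, so {xor} hides nothing from a reader


def xor_decode(value: str) -> str:
    """Reverse a {xor} value: base64-decode, then XOR each byte with 0x5F."""
    raw = base64.b64decode(value[len("{xor}"):])
    return bytes(b ^ XOR_KEY for b in raw).decode("utf-8")


def classify(password: str) -> str:
    """Return the scheme prefix of a password attribute, or 'plaintext'."""
    match = re.match(r"\{(xor|aes)\}", password)
    return match.group(1) if match else "plaintext"


def audit_keystores(server_xml: str) -> list:
    """Return (id, scheme, readable_without_key) for every <keyStore>."""
    findings = []
    for ks in ET.fromstring(server_xml).iter("keyStore"):
        scheme = classify(ks.get("password", ""))
        # xor and plaintext need nothing beyond read access to server.xml;
        # how well {aes} holds up depends on the encoding key, not checked here.
        findings.append((ks.get("id"), scheme, scheme in ("xor", "plaintext")))
    return findings


if __name__ == "__main__":
    for ks_id, scheme, exposed in audit_keystores(SAMPLE_SERVER_XML):
        print(f"{ks_id}: scheme={scheme} readable_without_key={exposed}")
    print("decoded sample:", xor_decode("{xor}Lz4sLB80OiZmZmY="))
```

Because `{xor}` output is recoverable from the file alone, restrict read access to `server.xml` and `key.jks` to the account that runs Liberty. `securityUtility encode` also accepts `--encoding=aes` together with a `--key` of your choosing.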