Kjetil 0 Posted February 21, 2019 Posted February 21, 2019 I wanted to replace my self-signed certificate for ESMC with an SSL certificate from "Let's Encrypt". So I installed and run "certbot". I got a new certificate, but I guess Apache tomcat settings was modified as well, so I can no longer access eraserver. By doing a "sudo service eraserver status", I can see that the service is running. So I guess I just need to restore configs in Apache, but how ?
ESET Staff MartinK 384 Posted February 21, 2019 ESET Staff Posted February 21, 2019 You have not specified platform, but certificate related configuration of apache tomcat is stored in file server.xml, where crucial part is section that will be similar to: <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA" keystoreFile="/etc/tomcat/.keystore" keystorePass="<some_random_password>" keyAlias="tomcat" /> where you can see that file with certificate is referenced, with certificate alias as stored inside of it and password that is protecting access to private parts.
Kjetil 0 Posted February 22, 2019 Author Posted February 22, 2019 The platform is Ubuntu. By a mistake, I installed apache2 togheter with certbot. Apache took precedence over Tomcat. When I removed apache2, and restarted tomcat, everything was fine again 🙂
Recommended Posts