Using Let's Encrypt to create SSL

Long Nguyen edited this page Jul 29, 2019 · 1 revision
  1. Get Let’s Encrypt software
    • cd /tmp
    • git clone https://github.com/letsencrypt/letsencrypt
    • cd letsencrypt
  2. Obtain a CA signed certificate from Let’s Encrypt
    • ./certbot-auto certonly --standalone --email trunghm@nexlesoft.com --agree-tos -d streaming.nexlesoft.com
    • If the process completes successfully, you will see a message similar to this:
      • Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/streaming.nexlesoft.com/fullchain.pem
  3. Create the Keystore
    • Export our keys and certs into a PKCS12 formatted file
      • sudo openssl pkcs12 -export -in /etc/letsencrypt/live/streaming.nexlesoft.com/fullchain.pem -inkey /etc/letsencrypt/live/streaming.nexlesoft.com/privkey.pem -out /etc/letsencrypt/live/streaming.nexlesoft.com/fullchain_and_key.p12 -name tomcat4
    • Create the Java Keystore (don’t forget to substitute your password and domain name):
      • sudo keytool -importkeystore -deststorepass Gnurt1609 -destkeypass Gnurt1609 -destkeystore /etc/letsencrypt/live/streaming.nexlesoft.com/keystore.jks -srckeystore /etc/letsencrypt/live/streaming.nexlesoft.com/fullchain_and_key.p12 -srcstoretype PKCS12 -srcstorepass Gnurt1609 -alias tomcat4
  4. Create the Truststore
    • Export the certificate that we’ll be trusting (don’t forget to substitute your password and domain name)
      • sudo keytool -export -alias tomcat4 -file /etc/letsencrypt/live/streaming.nexlesoft.com/tomcat.cer -keystore /etc/letsencrypt/live/streaming.nexlesoft.com/keystore.jks -storepass Gnurt1609 -noprompt
    • After we have the exported certificate, import it into the truststore
      • sudo keytool -import -trustcacerts -alias tomcat4 -file /etc/letsencrypt/live/streaming.nexlesoft.com/tomcat.cer -keystore /etc/letsencrypt/live/streaming.nexlesoft.com/truststore.jks -storepass Gnurt1609 -noprompt
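
Steps 3 and 4 pass the store password as a command argument, so it lands in shell history and shows in the process list while each command runs. The same two steps as an added example (not part of the original page), with the password read from a mode-600 file through openssl's `-passout file:` and keytool's `:file` modifier; the function names and the password-file argument are assumptions.

```shell
#!/bin/sh
# Added example: steps 3 and 4 with the store password read from a file.
# is_private, build_stores and the password-file argument are assumed names.

# True only for a non-empty regular file with no group/other permission bits.
is_private() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# build_stores LIVE_DIR ALIAS PASSWORD_FILE
build_stores() (
    live=$1 entry=$2 pwfile=$3
    is_private "$pwfile" || { echo "refusing: $pwfile must be non-empty, mode 600" >&2; exit 1; }
    umask 077   # the .p12 and the keystore contain the private key

    # Step 3: PEM -> PKCS12 -> Java keystore. Both tools read the first line
    # of the password file, so the password never appears in argv.
    openssl pkcs12 -export -in "$live/fullchain.pem" -inkey "$live/privkey.pem" \
        -out "$live/fullchain_and_key.p12" -name "$entry" -passout "file:$pwfile" &&
    keytool -importkeystore -noprompt -alias "$entry" \
        -srckeystore "$live/fullchain_and_key.p12" -srcstoretype PKCS12 \
        -srcstorepass:file "$pwfile" -destkeystore "$live/keystore.jks" \
        -deststorepass:file "$pwfile" -destkeypass:file "$pwfile" &&

    # Step 4: export the certificate, then import it into the truststore.
    keytool -export -alias "$entry" -file "$live/tomcat.cer" \
        -keystore "$live/keystore.jks" -storepass:file "$pwfile" &&
    keytool -import -trustcacerts -noprompt -alias "$entry" \
        -file "$live/tomcat.cer" \
        -keystore "$live/truststore.jks" -storepass:file "$pwfile" &&

    # Check: the keystore entry holds a private key, the truststore entry
    # holds only the certificate.
    keytool -list -alias "$entry" -keystore "$live/keystore.jks" \
        -storepass:file "$pwfile" | grep -q PrivateKeyEntry &&
    keytool -list -alias "$entry" -keystore "$live/truststore.jks" \
        -storepass:file "$pwfile" | grep -q trustedCertEntry
)
```

Run it as root, for example `build_stores /etc/letsencrypt/live/streaming.nexlesoft.com tomcat4 /root/keystore.pass` (the password file path is hypothetical). Use it where no `truststore.jks` exists yet, because `keytool -import` refuses an alias that is already present.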
