Wednesday, 4 November 2020

Let's Encrypt on Exchange 2013

Preparation

Go to https://www.win-acme.com/ and download the latest release and unzip it to a directory of your choice.

Open port 80 on your firewall.

Make sure your IIS has a default site on port 80.

Execution

Open a CMD with Administrator privileges.

Run:

wacs.exe --target manual --host mail.yourdomain.com,autodiscover.yourdomain.com --certificatestore My --acl-fullcontrol "network service,administrators" --installation iis,script --installationsiteid 1 --script "./Scripts/ImportExchange.ps1" --scriptparameters "'{CertThumbprint}' 'IIS,SMTP,IMAP' 1 '{CacheFile}' '{CachePassword}' '{CertFriendlyName}'"

Close port 80.


That's it

Tuesday, 3 November 2020

Atlassian Confluence SSL with Let's Encrypt Certificates

Let's Encrypt and Atlassian Confluence

1. Install Certbot

sudo snap install core; sudo snap refresh core

sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

2. Tomcat modification

Add to server.xml

<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"/>

This enables Tomcat to listen on Port 80.

Restart Tomcat

Open your firewall so that port 80 reaches your Confluence server.

3. Request your Certificate

certbot certonly --standalone -d confluence.yourdomain.com

4. Create P12 Certificate

openssl pkcs12 -export -out /tmp/confluence.p12 -in /etc/letsencrypt/live/confluence.yourdomain.com/fullchain.pem -inkey /etc/letsencrypt/live/confluence.yourdomain.com/privkey.pem -name tomcat

(Note your export password; you need it later in step 6 and for your server.xml.)

5. Prepare your Keystore

keytool -delete -alias tomcat -keystore <MY_KEYSTORE_FILENAME>

6. Import Let's Encrypt Certificate

keytool -importkeystore -deststorepass '1234' -destkeypass '1234' -destkeystore /opt/atlassian/confluence/ConfluenceKeyStore.jks -srckeystore /tmp/confluence.p12 -srcstoretype PKCS12 -srcstorepass '1234' -alias tomcat

7. Clean Up

Delete the entry added in step 2 from server.xml and check that the path to your new keystore and the password are correct.

Restart Confluence.

Close port 80 on your firewall.
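
Steps 4 to 6 as one shell function, added here as an example and not part of the original post: the P12 is written to a private temporary directory that is removed on exit, and every password is read from a file instead of being typed on the command line. The function name import_le_cert and the keystore password file argument are assumptions.

```shell
#!/bin/sh
# Added example: steps 4-6 without a P12 left behind in /tmp and without
# passwords in the process list. Function name and arguments are assumptions.

# import_le_cert LIVE_DIR KEYSTORE STOREPASS_FILE
#   LIVE_DIR        e.g. /etc/letsencrypt/live/confluence.yourdomain.com
#   KEYSTORE        e.g. /opt/atlassian/confluence/ConfluenceKeyStore.jks
#   STOREPASS_FILE  owner-only file holding the keystore password (assumed)
import_le_cert() (
    live_dir=$1 keystore=$2 storepass_file=$3
    [ -r "$live_dir/fullchain.pem" ] && [ -r "$live_dir/privkey.pem" ] || {
        echo "missing fullchain.pem or privkey.pem in $live_dir" >&2; exit 2; }
    [ -r "$storepass_file" ] || { echo "cannot read $storepass_file" >&2; exit 2; }

    umask 077                          # temp files readable by the owner only
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT          # P12 and its password are removed on any exit

    # One-time password for the intermediate P12, kept in a file.
    openssl rand -hex 24 > "$tmp/p12pass" || exit 1

    # Step 4: bundle chain and key into a PKCS#12 file under alias "tomcat".
    openssl pkcs12 -export -out "$tmp/confluence.p12" \
        -in "$live_dir/fullchain.pem" -inkey "$live_dir/privkey.pem" \
        -name tomcat -passout "file:$tmp/p12pass" || exit 1

    # Step 5: drop the old entry; a missing alias (first run) is not an error.
    keytool -delete -alias tomcat -keystore "$keystore" \
        -storepass:file "$storepass_file" >/dev/null 2>&1 || true

    # Step 6: import the new entry, reading every password from a file.
    keytool -importkeystore -noprompt -alias tomcat \
        -srckeystore "$tmp/confluence.p12" -srcstoretype PKCS12 \
        -srcstorepass:file "$tmp/p12pass" \
        -destkeystore "$keystore" \
        -deststorepass:file "$storepass_file" \
        -destkeypass:file "$storepass_file" || exit 1
)
```

Run it as root after step 3, then continue with step 7.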