I'm currently trying to set up a Confluence (6.6.0) on an Ubuntu Server with Plesk (17.5.3) and Let's-Encrypt-Extension installed.
Confluence itself is up and running, but I am experiencing some issues, when it comes to SSL. Securing the Domain itself is easily done by just taking the "easy road" via the Plesk-Panel One-Click-Installer.
The Certificates will be located at /usr/local/psa/var/modules/letsencrypt/etc/archive/<MY_DOMAIN>/
There are four .pem-files in this directory:
cert1.pem
chain1.pem
fullchain1.pem
privkey1.pem
But now i need to tell Tomcat, that i have this certificate installed in the server.xml.
Since the Plesk-Let's-Encrypt-Extension saves the files as .pem-files i need to convert them via OpenSSL to be able to use the Java keytool.
I found a nice tutorial about this topic in general right here:
http://robblake.net/post/18945733710/using-a-pem-private-key-and-ssl-certificate-with
When i am trying the following, i get stuck at the very beginning, when i try to execute
openssl pkcs12 -export -in <PATH>/cert1.pem -inkey <PATH>/privkey1.pem -out foo.p12 -name tomcat -chain -CAFile <PATH>/chain1.pem
The command itself runs, when I am not using -CAFile
and generates my .p12-File, but then throws a warning:
Error unable to get local issuer certificate getting chain.
If i try adding -CAFile /usr/local/psa/var/modules/letsencrypt/etc/archive/<MY_DOMAIN>/chain1.pem
or using [...]/fullchain1.pem
instead nothing will happen but OpenSSL printing the Usage-Documentation.
So since these four .pem-files are the only ones available i'm not sure what else to do.
Since i need the intermediate-certs too, i am wondering what i have to do here.