Monday, December 7, 2015

Let's Encrypt, tomcat7 and Java 6 issues

Yay, Let's Encrypt is live!

A few issues I came across while getting an A score on the SSL Labs test:
  • Here's a link to turn your shiny new certificate into a keystore to get it working with Tomcat. The parent post also works, but then you end up with an Incomplete Chain issue; that post fixes it.
  • Java 6 and below don't let you provide a) strong DH parameters and b) TLSv1.2, which is needed for HSTS. Overdue on upgrading to Java 7? Now's the time to get those Let's Encrypt goodies :)
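
The Incomplete Chain issue in the first bullet appears when the keystore holds only the leaf certificate. As an added example (not from this post or the linked one), the shell functions below build a PKCS#12 keystore with `openssl` and count the certificates inside it; the certbot-style file names, the alias `tomcat`, the password `changeit` and the throwaway sample chain are assumptions.

```shell
#!/bin/sh
# Added example. File names follow the certbot layout (cert.pem, fullchain.pem,
# privkey.pem); alias "tomcat" and password "changeit" are assumptions.

# Bundle key + certificates into a PKCS#12 keystore.
# usage: make_p12 <certs.pem> <privkey.pem> <out.p12> <password> [alias]
make_p12() {
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
        -name "${5:-tomcat}" -passout "pass:$4"
}

# Print how many certificates a PKCS#12 keystore holds.
# 1 = leaf only, which is what produces the "Incomplete Chain" finding.
p12_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
        grep -c -- '-----BEGIN CERTIFICATE-----'
}

# Constructed sample input: a throwaway CA standing in for the intermediate,
# and a leaf for example.test signed by it. Not real Let's Encrypt material.
make_sample_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Issuer" \
        -keyout "$d/issuer.key" -out "$d/chain.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$d/privkey.pem" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/chain.pem" -CAkey "$d/issuer.key" \
        -CAcreateserial -days 1 -out "$d/cert.pem" 2>/dev/null
    cat "$d/cert.pem" "$d/chain.pem" > "$d/fullchain.pem"
}

# Build both keystores from the sample and print "<leaf-only count> <full count>".
demo() {
    d=$(mktemp -d)
    make_sample_chain "$d"
    make_p12 "$d/cert.pem" "$d/privkey.pem" "$d/leaf-only.p12" changeit
    make_p12 "$d/fullchain.pem" "$d/privkey.pem" "$d/keystore.p12" changeit
    echo "$(p12_cert_count "$d/leaf-only.p12" changeit) $(p12_cert_count "$d/keystore.p12" changeit)"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

If Tomcat is configured for a JKS store rather than PKCS#12, `keytool -importkeystore` with `-srcstoretype PKCS12` converts the result.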