WIP: Setting up SSL for BMS in Windows 2012 using Let's Encrypt


  • BMS is set up
  • The domain is set up and pointed to the server
  • Inbound ports 80 and 18443 are allowed
  • Web Server (IIS) is installed

Variables Used


  1. Install win-acme
    Download and extract win-acme to the main drive (C:) https://github.com/PKISharp/win-acme
  2. Generate Certificate
    Run win-acme via the command line as administrator

    Enter the information requested to generate the certificate

    This generates a certificate that is visible in the Web Server (IIS) feature of Windows Server Manager.
  3. Extract Certificate
    Open Server Manager and locate the certificates option inside the Web Server (IIS) feature

    Export the certificate created earlier via win-acme

    Enter the name of the PFX file to be generated and the password

  4. Install in Tomcat

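    Create a certs folder in tomcat_home and copy the certificate (PFX) file into it.

    Edit the server.xml file under the <tomcat_home>/conf folder. Make sure the values of the port, keystoreFile and keystorePass are correct. The keystorePass value is stored in clear text in server.xml, so restrict read access on that file and on the certs folder to administrators and the account Tomcat runs as.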

    <Connector port="18443" protocol="HTTP/1.1" SSLEnabled="true"
               keystoreFile="C:\BMS4\infrastructure\tomcat\certs\bm-staging-win.leafnode.io.pfx"
               keystorePass="bms123" keystoreType="PKCS12"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
  5. Test
    At this point you need to restart the Tomcat server of the BMS, and you should then be able to access the site through a secure connection.
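
One way to confirm step 5 from PowerShell, added here as an example and not part of the original procedure: the script opens the PFX from step 4, connects to the Tomcat port, and reports whether the certificate being served is the one in the file and when it expires. The default path and port come from the Connector above; the host name is assumed from the PFX file name, and the function names are made up for this example.

```powershell
# Added example (not from the original page). Defaults mirror the Connector above;
# $HostName is assumed from the PFX file name. Run after restarting Tomcat.
param(
    [string]$PfxPath  = 'C:\BMS4\infrastructure\tomcat\certs\bm-staging-win.leafnode.io.pfx',
    [string]$HostName = 'bm-staging-win.leafnode.io',
    [int]$Port        = 18443
)

function Read-PfxFile {
    param([string]$Path, [securestring]$Password)
    # Throws if the password is wrong or the file is not a valid PKCS#12 container.
    New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Path, $Password)
}

function Get-ServedCertificate {
    param([string]$HostName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept any certificate: the goal is to inspect what is served, not to trust it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        # TLS 1.2 is an assumption about what the Tomcat/Java build accepts.
        $tls12 = [System.Security.Authentication.SslProtocols]::Tls12
        $ssl.AuthenticateAsClient($HostName, $null, $tls12, $false)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $client.Close()
    }
}

$password = Read-Host -AsSecureString 'PFX password'
$pfx      = Read-PfxFile -Path $PfxPath -Password $password
$served   = Get-ServedCertificate -HostName $HostName -Port $Port

if (-not $pfx.HasPrivateKey) {
    throw 'The PFX has no private key; export it again from IIS with the key included.'
}

[pscustomobject]@{
    Subject          = $served.Subject
    NotAfter         = $served.NotAfter
    DaysLeft         = [int]($served.NotAfter - (Get-Date)).TotalDays
    ServedThumbprint = $served.Thumbprint
    PfxThumbprint    = $pfx.Thumbprint
    MatchesPfx       = ($served.Thumbprint -eq $pfx.Thumbprint)
}
```

If MatchesPfx is False, Tomcat is serving a different certificate from the file in the certs folder. The PFX is a manual export, so it does not change when win-acme renews the certificate in IIS; repeat steps 3 and 4 before NotAfter is reached.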