There are two main ways of running Greenstone 3 using HTTPS:

• [Preferred] Running an Apache server configured to support HTTPS, and reverse proxying the Tomcat server
• Setting up Tomcat to run using HTTPS

An easy way of getting an SSL certificate, which is free, is to use certbot and LetsEncrypt.

You will need to install certbot - follow the instructions at https://certbot.eff.org/instructions Take note of the "What you need" section. Then, choose your webserver ('apache' or 'other' for Tomcat) and operating system, and it will give you instructions to install certbot, plus also instructions to run it to get certificates.

Once you use certbot to obtain

Once you have certbot installed, if you are using Apache, you can run

• sudo certbot –apache - this will generate the certificates, plus also setup Apache configuration to use them.
• sudo certbot certonly - will generate the certificates, but do no configuration - you will need to do that yourself.

If you are adding https support to Tomcat, you can use the Greenstone ant targets to generate the certificates, plus then convert them and setup Tomcat configuration to use them.

• ant setup-https-cert - this will obtain the certificates from LetsEncrypt, and put them into Tomcat's conf folder.