
SSL in Spring Boot using GoDaddy certificate on EC2


In this article, we will see how to enable HTTPS in a Spring Boot application. You will find plenty of articles on using a self-generated certificate with Spring Boot. Today, however, we are going to use a CA-issued certificate with Spring Boot so that our application works over HTTPS.

We need the following things to work:
  1. The CA-issued certificate files, including the private key and the certificate. In this article, we are using a GoDaddy wildcard certificate.
  2. Spring Boot application
  3. OpenSSL library

Convert the certificate and private key to PKCS 12

First of all, we need to convert the CA certificate to .p12 format. OpenSSL must be installed on the system for this command to work, and all the files must be in the directory where we run the command. The command for the conversion is:
openssl pkcs12 -export -in [certificate-name] -inkey [private-key] -name [host] -out [new-file.p12]
Here replace the values:
  1. [certificate-name] with the name of the certificate
  2. [private-key] with the private key file
  3. [host] with the name of the host
  4. [new-file.p12] with any name of your choice with extension .p12

Import the certificate to the key store

Now that we have generated our .p12 file, the next step is to convert it to JKS format. We need to do this in 2 steps. For these commands to work, Java home (JAVA_HOME) must be set in the environment.
1. First, import the PKCS 12 certificate by executing the following command:
keytool -importkeystore -deststorepass [password] -destkeystore [new-keystore.jks] -srckeystore [new-file.p12] -srcstoretype PKCS12
where:
  • [password] is the password you created while creating the private key
  • [new-keystore.jks] is the name of the JKS keystore file to create
  • [new-file.p12] is the name of the .p12 file you defined earlier

2. Secondly, import the CA bundle file by executing the following command:
keytool -import -alias tomcat -trustcacerts -file [ca-bundle-file] -keystore [new-keystore.jks]
where:
  • [ca-bundle-file] is the name of the CA bundle file
  • [new-keystore.jks] is the keystore name you defined earlier

That's it. We have converted the CA certificate (GoDaddy in our case) to JKS format, which will be used by the Spring Boot application.
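
The conversion steps above, wrapped in a shell function that first checks that the private key belongs to the certificate and that the certificate has not expired. This is an added example, not part of the original article; the function names, the file arguments and the exported KS_PASS environment variable are assumptions of this example.

```shell
# Added example (not from the original article). File names and the KS_PASS
# environment variable are assumptions; export KS_PASS before calling.

# SHA-256 of the public key embedded in a certificate (PEM).
pubkey_hash_of_cert() {
  pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key derived from a private key (RSA or EC, PEM).
pubkey_hash_of_key() {
  pem=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only if both files parse and carry the same public key.
cert_matches_key() {
  cert_hash=$(pubkey_hash_of_cert "$1") || return 1
  key_hash=$(pubkey_hash_of_key "$2") || return 1
  [ -n "$cert_hash" ] && [ "$cert_hash" = "$key_hash" ]
}

# Usage: build_keystore <cert> <key> <host> <ca-bundle> <out.jks>
# Runs the article's three commands, taking passwords from the environment
# instead of the command line or an interactive prompt, then lists the
# keystore: expect a PrivateKeyEntry for <host> and a trustedCertEntry
# for the alias tomcat.
build_keystore() {
  cert=$1; key=$2; host=$3; bundle=$4; jks=$5; p12="${jks%.jks}.p12"
  [ -n "$KS_PASS" ] || { echo "KS_PASS is not set" >&2; return 1; }
  cert_matches_key "$cert" "$key" ||
    { echo "private key does not match certificate" >&2; return 1; }
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
    { echo "certificate has expired" >&2; return 1; }
  openssl pkcs12 -export -in "$cert" -inkey "$key" -name "$host" \
    -out "$p12" -passout env:KS_PASS &&
  keytool -importkeystore -noprompt -srckeystore "$p12" -srcstoretype PKCS12 \
    -srcstorepass:env KS_PASS -destkeystore "$jks" -deststorepass:env KS_PASS &&
  keytool -import -noprompt -alias tomcat -trustcacerts -file "$bundle" \
    -keystore "$jks" -storepass:env KS_PASS &&
  keytool -list -keystore "$jks" -storepass:env KS_PASS
}
```

A mismatched key is the usual reason the embedded server fails at startup after a certificate renewal, so the check runs before any file is written.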

Let's now configure the Spring Boot application to run over HTTPS.
Paste the below lines in your application.yml:
server:
    ssl:
        key-password: your-password
        key-store-password: your-password
        key-store: classpath:name-of-file.jks
        key-store-type: JKS
or in the application.properties file:
server.ssl.key-password=your-password
server.ssl.key-store-password=your-password
server.ssl.key-store=classpath:name-of-file.jks
server.ssl.key-store-type=JKS

That's all we need to do. Now we are ready to run our application in HTTPS mode on an EC2 instance with GoDaddy certificates.
