In this article, we will see how to enable HTTPS in a Spring Boot application. You will find lots of articles on how to use a self-generated certificate with Spring Boot. Today we are going to use CA-issued certificates with Spring Boot so that our application works over HTTPS.
We need the following things to work:
- CA certificate files, including the private key and the certificate. In this article, we are using a GoDaddy wildcard certificate.
- Spring Boot application
- OpenSSL library
Convert the certificate and private key to PKCS 12
First of all, we need to convert the CA certificate to .p12 format. We need to have OpenSSL on the system to run the command. Also, all the files need to be in the directory where we run the command. The command required to convert the certificate:
openssl pkcs12 -export -in [certificate-name] -inkey [private-key] -name [host] -out [new-file.p12]
Here replace the values:
- [certificate-name] with the name of the certificate
- [private-key] with the private key file
- [host] with the name of the host
- [new-file.p12] with any name of your choice with extension .p12
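A pre-flight check for the export step above, as an added example that is not part of the original article: it refuses to build the .p12 unless the certificate's public key belongs to the private key, and reads the export password from an environment variable instead of the command line. The function names, the P12_PASSWORD variable and the throwaway self-signed test pair are assumptions made for this example; it expects PEM input files and an unencrypted private key.

```bash
#!/bin/sh
# Added example (not from the original article): checks around the
# "openssl pkcs12 -export" step. Assumes PEM inputs and an unencrypted key.

# Succeed only if the certificate's public key belongs to the private key.
cert_matches_key() {  # usage: cert_matches_key cert.pem key.pem
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Export to PKCS 12 only after the pair is verified. The password is read
# from the exported P12_PASSWORD variable so it stays out of argv and history.
make_p12() {  # usage: make_p12 cert.pem key.pem alias out.p12
  cert_matches_key "$1" "$2" || { echo "certificate/key mismatch: $1 $2" >&2; return 1; }
  [ -n "$P12_PASSWORD" ] || { echo "P12_PASSWORD is not set" >&2; return 1; }
  ( umask 077   # the output holds the private key: owner-only permissions
    openssl pkcs12 -export -in "$1" -inkey "$2" -name "$3" -out "$4" \
      -passout env:P12_PASSWORD )
}

# Constructed test material: a throwaway self-signed pair standing in for the
# CA-issued certificate (hypothetical helper, used by the demo only).
make_test_pair() {  # usage: make_test_pair basename
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=demo.example.test" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

demo() {
  dir=$(mktemp -d) || return 1
  make_test_pair "$dir/a" && make_test_pair "$dir/b" || return 1
  export P12_PASSWORD="constructed-demo-password"
  make_p12 "$dir/a.crt" "$dir/a.key" demo "$dir/ok.p12" && echo "matching pair: exported"
  make_p12 "$dir/a.crt" "$dir/b.key" demo "$dir/bad.p12" || echo "mismatched pair: refused"
  rm -rf "$dir"
}
demo
```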
Import the certificate to the key store
Now that we have generated our .p12 file, the next step is to convert this file to JKS format. We need to do this in 2 steps. For these commands to work, we need to have the Java home environment variable set.
1. First, import the PKCS 12 certificate by executing the following command:
keytool -importkeystore -deststorepass [password] -destkeystore [new-keystore.jks] -srckeystore [new-file.p12] -srcstoretype PKCS12
where:
- [password] is the password you create while creating the private key
- [new-keystore.jks] is the name you choose for the new keystore file
- [new-file.p12] is the name of the .p12 file you defined earlier
2. Secondly, import the CA bundle file by executing the following command:
keytool -import -alias tomcat -trustcacerts -file [ca-bundle-file] -keystore [new-keystore.jks]
where:
- [ca-bundle-file] is the name of the CA bundle file
- [new-keystore.jks] is the name you have defined earlier
That's it. We have converted the CA certificate (GoDaddy in our case) to JKS format, which will be used by the Spring Boot application.
Let's now configure the Spring Boot application to run over HTTPS.
Paste the lines below into your application.yml:
server:
  ssl:
    key-password: your-password
    key-store-password: your-password
    key-store: classpath:name-of-file.jks
    key-store-type: JKS
or in the application.properties file:
server.ssl.key-password=your-password
server.ssl.key-store-password=your-password
server.ssl.key-store=classpath:name-of-file.jks
server.ssl.key-store-type=JKS
That's all we need to do. Now we are ready to run our application in HTTPS mode on an EC2 instance with GoDaddy certificates.