Saturday, April 7, 2018

Spring Boot - enable and configure SSL certificate

By Hường Hana 1:00 PM , , Leave a Comment

I have this certificates / files in order to enable SSL for my application:

certificates

I found out that this properties are needed for Spring Boot to enable HTTPS:

server.port=8089 server.ssl.enabled=true server.ssl.key-store=src/main/resources/keystore.p12 server.ssl.key-store-password=**** server.ssl.keyStoreType=PKCS12 server.ssl.keyAlias=tomcat

but this does not work. My question now would be what do I have to do in order to get it work? https://abc.lehr.co.at should be the URL.

[EDIT]

I have created my own keystore - with this I get the following exception:

java.io.IOException: Alias name tomcat does not identify a key entry at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:596) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:534) at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:363) at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:739) at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:472) at org.apache.coyote.http11.Http11NioProtocol.start(Http11NioProtocol.java:81) at org.apache.catalina.connector.Connector.startInternal(Connector.java:986)

My keystore looks like this:

Keystore

Actually I don't know what to import into keystore for embedded tomcat (Spring Boot).

3 Answers

Answers 1

To enable SSL, you must provide a private key, and not a trusted certificate.

In your keystore, 'tomcat' should be listed as an alias for a privatekeyentry and not a trustedcertentry.

Answers 2

You have to pack your private keys to PFX file or P12 with specifiyng aliases. So, it will be picked up accordingly from the keyStore after loading materials.

Use this tool to figure out what alias are:

keytool -list -storetype pkcs12 -keystore my_debug_keystore.p12 -storepass debug

Answers 3

I'd suggest you create your KeyStore in JKS format: 

 keytool -genkey -keyalg RSA -alias my_alias -keystore keystore.jks -storepass password -validity 360 -keysize 2048

then add the configuration: 

server.port=8089 server.ssl.enabled=true server.ssl.key-store=src/main/resources/keystore.jks server.ssl.key-store-password=**** server.ssl.keyStoreType=JKS server.ssl.keyAlias=my_alias
If You Enjoyed This, Take 5 Seconds To Share It

0 comments:

Post a Comment