How to configure SSL certificate in spring boot?

Let us learn how to generate & configure the ssl certificates in spring boot applications.

how to configure ssl certificate in spring boot

Step 1. Getting the certificate

We can purchase the SSL certificate from the following SSL providers

Godaddy
DigiCert
GeoTrust
GlobalSign
Comodo SSL
RapidSSL
SSL.com

OR, for testing purposes, we can generate a self-signed certificate

Before getting started, let us know the format of the SSL certificates:

PKCS12: Public Key Cryptographic Standards is a password-protected format that can contain multiple certificates and keys; it's an industry-wide used format.
JKS: Java KeyStore is similar to PKCS12; it's a proprietary format and is limited to the Java environment.

To know more about how SSL works please go to this link.

We can use either keytool or OpenSSL tools to generate the certificates from the command line. Keytool is shipped with Java Runtime Environment, and OpenSSL can be downloaded from here.

For our demonstration, let's use keytool.

keytool -genkey -alias localhost -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore localhost.p12 -validity 365 -ext san=dns:localhost

This command will generate a key using the RSA cryptography algorithm. Arguments of the keytool program are stated below:

-genkey: generates a key
-alias localhost: defines the name of the key, here we have named 'localhost', which uniquely identifies your domain name
-storetype PKCS12: this defines the format of the key that is stored as 'PKCS12'
-keyalg RSA: used to specify the algorithm to be used is 'RSA'
-keysize 2048: used to define the size of the key as '2048' bit
-keystore localhost.p12: specifies the name of the file that stores the key is 'localhost.p12'
-validity 365: it is used to set the expiration date of the key will be '365' days from now
-ext san=dns:localhost: includes an X.509 extension for Subject Alternate Name (SAN)- a SAN is required so the certificated will be trusted by browsers on localhost

Note: The keytool program is available in JDK's bin directory, so you need to navigate to JDK_HOME\bin.

generating ssl certificate command image

Step 2. Add the generated certificate file in your project

Copy and paste the generated key <localhost.p12> into the resource folder of the project structure as shown below.

how to configure ssl in spring boot project project structure

Step 3. Setting up the SSL configurations in application properties

Add the necessary SSL configuration to the application.properties file.

httpPort = 8080
server.port=8443
server.ssl.key-store: classpath:localhost.p12
server.ssl.key-store-password: abcd123
server.ssl.keyStoreType: pkcs12
server.ssl.keyAlias: localhost

Step 4. Add the connectors configurations

Add connectors configurations and port redirection from default port to secured port.

@Configuration
public class ConnectorConfig {

    @Value("${server.port}")
    int httpsPort;
    @Value("${httpPort}")
    int httpPort;
    /**
     * This method is used to get Servlet Container
     * @return ServletWebServerFactory
     */
    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(redirectConnector());
        return tomcat;
    }
    /**
     * This method is used to get redirect Connector
     * @return Connector
     */
    private Connector redirectConnector() {

        Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
        connector.setScheme("http");
        connector.setPort(httpPort);
        connector.setSecure(false);
        connector.setRedirectPort(httpsPort);
        return connector;
    }
}

Step 5. Output screens

redirecting to https port in spring boot

Thanks for reading this article. I hope you understood well.

How to Implement AWS RDS Database IAM Authentication in Spring Boot

Amazon RDS for MySQL allows authentication using AWS Identity and Access Management (IAM) database authentication. With this authentication method, you don't need to use a password when you connect to a DB instance. Instead, you use an authentication token. Let us understand how this works? An authentication token is a unique string of characters that Amazon RDS generates on request. Authentication tokens are generated using AWS Signature Version 4. Each token has a lifetime of 15 minutes. You don't need to store user credentials in the database, because authentication is managed externally using IAM. You can also still use standard database authentication. Since IAM authentication tokens are short-lived access tokens that are valid for 15 minutes. For the RDS database this token works as a database password that is required to establish a connection and does not determine how long the existing connection can last. The default value for connection to be alive without activit

How to upload files in Amazon S3 Bucket using Spring Boot

As stated in the title, we are going to demonstrate that how we can upload and retrieve files from the amazon s3 bucket in spring boot. For this, we must have an account on amazon web services (AWS) . And the next thing you need to have is an IAM user that has programmatic access to the s3 bucket. Follow the steps below to create an IAM user and s3 bucket. Table of Contents 1. Steps to create an IAM user in AWS with S3 bucket full access permission Step 1.1 Login to your AWS account Step 1.2 Set the user details Step 1.3 Set user permissions Step 1.4 Create a user group and set the access policy Step 1.5 Add user to the group Step 1.6 Set the tags (optional) Step 1.7 Review the user details and permission summary Step 1.8 Download the user credentials 2. See, how to create s3 bucket. Step 2.1 Click on the "Create bucket" button. Step 2.2 Enter the bucket name and select bucket region. Step 2.3 Set file accessibility for bucket items as public/private

What Is SSL Certificate and how it works?

Deep Dive into SSL Certificate What Is an SSL Certificate? SSL (Secure Sockets Layer) is the common name for TLS (Transport Layer Security), a security protocol that enables encrypted communications between two machines. An SSL certificate is a small data file leveraging this security protocol to serve two functions: Authentication – SSL certificates serve as credentials to authenticate the identity of a website. They are issued to a specific domain name and web server after a Certificate Authority, also known as a Certification Authority (CA), performs a strict vetting process on the organization requesting the certificate. Depending on the certificate type, it can provide information about a business or website's identity and authenticate that the website is a legitimate business. Secure data communication - When SSL is installed on a web server, it enables the padlock to appear in the web browser. It activates the HTTPS protocol and creates a secure connection between th

How to Implement Spring Security in Spring Boot

Security Example in Spring Boot Implementation of Spring Security in the Spring Boot application is the key point to learn for spring boot developers. Because Authentication and Authorization are the backbones of the whole application. Getting started with the Spring Security Series, this is the first part, in this article we are going to focus on the authentication part with minimal registration. The implementation of registration flow with email verification, customizing password encoding, and setting up password strengths and rules will be explored in another separate article for each. This article will be the base of the spring security series, the other security features will be explained on the basis of this implementation, so be focused and let's understand. The code contains proper naming & brief comments that makes it very comprehensive. If you feel any difficulty or find any issue, please drop a comment below this post The main goal of this article is to impleme

Basic Annotations in Spring Boot

Annotations are the key components. Spring Boot annotations are simple and self-explanatory. There are a large number of annotations are implemented in Spring Core. But In Spring Boot most of the annotations are enhanced and combined in simpler ones to write fewer lines of code. For example: If you are ever worked with spring core you need to apply @Configuration , @EnableAutoConfiguration and @ComponentScan . Now In Spring Boot, these three are combined into @SpringBootApplication . Here we have listed 32 annotations and explained, in brief, what every beginner should know. If you understand the use and start playing with these annotations no one can stop you to become a master in spring boot. We will provide the detailed example later on so please subscribe to this blog from the footer section by providing an email id: Table of Contents Basic Annotations in Spring Boot 1.@SpringBootApplication 2.@Component 3.@Service 4.@Repository 5.@Controller 6.@RestController 7.@A

Spring Boot Master

Search This Blog