Spring Boot - Enable https (http+ssl) (2021)
In previous article, we learned about Basic Authentication, Digest Authentication and configuring and accessing credentials from database.
Now in this tutorial, will see how to enable HTTPS (HTTP+SSL), for this purpose will use this example to add/enable https.
Spring Boot Security Tutorial :
- Basic Authentication
- Digest Authentication
- Configuring Authentication Credentials in database
- Enable https (http+ssl)
- JWT Introduction
- JWT Example
- JWT Angular Example
- Spring Boot with JWT Token Authentication
- JWT +MYSQL Example
- OAuth2.0 Tutorial
- Advantage of JWT as OAuth Access Token Vs OAuth Default Token
- OAuth2 with JWT Access Token
- Spring Security Interview Questions
Spring Boot by default uses HTTP 8080 port. To configure https, we need to generate self-signed certificate in one of the format given below.
PKCS12Public Key Cryptographic Standards is a password-protected format that can include many certificates and keys, it is a format mainly used in the industry.
JKSJava KeyStore is identical to PKCS12, it is a proprietary format limited to the Java environment.
Difference between a Java Keystore JKS and PKCS12
The default keystore format used was JKS until Java 8.
However, now since Java 9, PKCS12 has been the default keystore format.
Another main difference between JKS and PKCS12 is that JKS is a Java-specific format, while PKCS12 stores encrypted private keys and certificates in a standardized and language-neutral way.
Follow below steps to configure and generate ssl into spring boot application.
Generating a Keystore
keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -keystore keystore.jks -validity 3650 -storepass password
- genkeypair: It generates a key pair.
- alias: It provides alias name for the generated keystore.
- keyalg: Uses cryptographic algorithm to generate the key pair.
- keysize: Provision to define size of the key. We have used 2048 bits, however 4096 would be a better option for production.
- storetype: Type of keystore.
- keystore: Name of the keystore.
- validity: Validity number of days.
- storepass: A password for the keystore.
Now, let's open the command prompt and use the following command to generate our own PKCS12 keystore.
It will generate keystore certificate with name securitykeystore.p12, alias as techgeeknext-alias with keystore password as techgeeknext123.
keytool -genkey -alias techgeeknext-alias -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore securitykeystore.p12
It will create certificate at D drive, as shown below:
Verify the keystore contentUse below command to verify the keystore certificate.
It will show all the details of the generated SSL certificate, only we need to provide password of the certificate.
keytool -list -v -keystore securitykeystore.p12
D:\>keytool -list -v -keystore securitykeystore.p12 Picked up _JAVA_OPTIONS: -Xmx256M Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry Alias name: techgeeknext-alias Creation date: 23 Sep, 2020 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate: Owner: CN=techgeeknext, OU=techgeeknext, O=techgeeknext, L=AA, ST=BB, C=CC Issuer: CN=techgeeknext, OU=techgeeknext, O=techgeeknext, L=AA, ST=BB, C=CC Serial number: b554a8f Valid from: Wed Sep 23 18:25:26 IST 2020 until: Tue Dec 22 18:25:26 IST 2020 Certificate fingerprints: MD5: 4C:BF:B2:4B:E3:46:8E:1C:E2:9A:11:75:8F:B0:1D:92 SHA1: BB:2E:9D:3E:D7:59:0A:D7:35:57:EA:65:EE:AC:31:E7:1D:84:94:32 SHA256: 06:82:87:2B:10:30:73:6F:58:98:25:92:9A:D5:6A:13:D2:C6:6D:D8:E1:A7:B3:91:E5:05:63:E2:61:EE:F8:32 Signature algorithm name: SHA256withRSA Version: 3 Extensions: #1: ObjectId: 126.96.36.199 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 2E D7 F6 9D 3E 37 98 82 0D E6 B2 CC 88 3C 24 C1 ....>7.......<$. 0010: 4C 70 26 6D Lp&m ] ] ******************************************* ******************************************* D:\>
Configure SSL/HTTPS in Spring Boot
Copy generated securitykeystore.p12 keystore certificate in the resource folder.
Add below keystore properties in application.yml.
server: port: 8083 ssl: key-store-password: techgeeknext123 key-store: classpath:securitykeystore.p12 key-store-type: PKCS12 key-alias: techgeeknext-alias
Let's take a quick look on the above SSL configuration properties:
- server.port: Port on which the server is listening. We have used 8083 rather than the default 8080 port.
- server.ssl.key-store: Path to the key store that contains the SSL certificate. In this example, we need Spring Boot to look for it in the classpath.
- server.ssl.key-store-password: Password used to access the key store.
- server.ssl.key-store-type: Type of the key store (PKCS12).
- server.ssl.key-alias: Alias to identifies the key in the key store.
- server.ssl.key-password: Password used to access the Key from the key store.
Take a look at our suggested posts:
- First, let's try with http url to see if it process the request.
Spring Boot will not process the http request as it's not secured.
- Now try with https url. As shown below by default Browser won't add SSL certificate. To add the certificate click on Advanced Button to proceed to localhost.
Once click on Proceed to local host, it'll show https url.
- Enter valid credential with User Authorities
Enter Username: user and Password: userPass
Download Source CodeThe full source code for this article can be found on below.
Download it here - Spring Boot - Enable HTTPS