Spring Boot HTTPS example (http+ssl) (2024)
In the previous articles, we learned about Basic Authentication, Digest Authentication, and configuring and accessing credentials from a database.
In this tutorial, we will see how to enable HTTPS (HTTP+SSL) by adding it to the example from those articles.
By default, Spring Boot serves HTTP on port 8080. To configure HTTPS, we need to generate a self-signed certificate in one of the formats given below.
- PKCS12: Public Key Cryptographic Standards is a password-protected format that can include many certificates and keys. It is the format mainly used in the industry.
- JKS: Java KeyStore is similar to PKCS12, but it is a proprietary format limited to the Java environment.
Difference between a Java Keystore JKS and PKCS12
JKS was the default keystore format until Java 8. Since Java 9, PKCS12 has been the default keystore format.
Another main difference between JKS and PKCS12 is that JKS is a Java-specific format, while PKCS12 stores encrypted private keys and certificates in a standardized and language-neutral way.
Follow the steps below to generate a certificate and configure SSL in a Spring Boot application.
Generating a Keystore
Syntax
keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -keystore keystore.jks -validity 3650 -storepass password
- genkeypair: Generates a key pair.
- alias: Alias name for the generated keystore entry.
- keyalg: Cryptographic algorithm used to generate the key pair.
- keysize: Size of the key. We have used 2048 bits; however, 4096 would be a better option for production.
- storetype: Type of the keystore.
- keystore: Name of the keystore.
- validity: Validity in number of days.
- storepass: Password for the keystore.
Now, let's open the command prompt and use the following command to generate our own PKCS12 keystore.
keytool -genkey -alias techgeeknext-alias -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore securitykeystore.p12
This generates a keystore named securitykeystore.p12 with the alias techgeeknext-alias and the keystore password techgeeknext123.
The keystore file is created on the D drive.
Verify the keystore content
Use the command below to verify the keystore certificate.
keytool -list -v -keystore securitykeystore.p12
It shows all the details of the generated SSL certificate; we only need to provide the keystore password.
D:\>keytool -list -v -keystore securitykeystore.p12
Picked up _JAVA_OPTIONS: -Xmx256M
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: techgeeknext-alias
Creation date: 23 Sep, 2020
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=techgeeknext, OU=techgeeknext, O=techgeeknext, L=AA, ST=BB, C=CC
Issuer: CN=techgeeknext, OU=techgeeknext, O=techgeeknext, L=AA, ST=BB, C=CC
Serial number: b554a8f
Valid from: Wed Sep 23 18:25:26 IST 2020 until: Tue Dec 22 18:25:26 IST 2020
Certificate fingerprints:
MD5: 4C:BF:B2:4B:E3:46:8E:1C:E2:9A:11:75:8F:B0:1D:92
SHA1: BB:2E:9D:3E:D7:59:0A:D7:35:57:EA:65:EE:AC:31:E7:1D:84:94:32
SHA256: 06:82:87:2B:10:30:73:6F:58:98:25:92:9A:D5:6A:13:D2:C6:6D:D8:E1:A7:B3:91:E5:05:63:E2:61:EE:F8:32
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2E D7 F6 9D 3E 37 98 82 0D E6 B2 CC 88 3C 24 C1 ....>7.......<$.
0010: 4C 70 26 6D Lp&m
]
]
*******************************************
*******************************************
D:\>
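The following Python sketch is an added example, not part of the original tutorial: it parses the fields of the keytool listing above and flags what a reviewer would check before putting the keystore into service. The sample text is constructed from that output, and the expected_type and min_days thresholds are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the relevant lines of the `keytool -list -v` output above.
SAMPLE_LISTING = """\
Keystore type: JKS
Alias name: techgeeknext-alias
Entry type: PrivateKeyEntry
Owner: CN=techgeeknext, OU=techgeeknext, O=techgeeknext, L=AA, ST=BB, C=CC
Issuer: CN=techgeeknext, OU=techgeeknext, O=techgeeknext, L=AA, ST=BB, C=CC
Valid from: Wed Sep 23 18:25:26 IST 2020 until: Tue Dec 22 18:25:26 IST 2020
Signature algorithm name: SHA256withRSA
"""

def field(listing, label):
    """Value after 'label:' on the first line starting with it, else None."""
    m = re.search(rf"^[ \t]*{re.escape(label)}:[ \t]*(.+?)[ \t]*$", listing, re.M)
    return m.group(1) if m else None

def parse_date(text):
    # keytool prints 'Wed Sep 23 18:25:26 IST 2020'; the zone abbreviation is
    # dropped because strptime cannot parse names like IST portably.
    _dow, mon, day, clock, _zone, year = text.split()
    return datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")

def audit_listing(listing, expected_type="PKCS12", min_days=365):
    """Return (facts, findings) for one keystore entry listing."""
    start, end = field(listing, "Valid from").split(" until: ")
    facts = {
        "type": field(listing, "Keystore type"),
        "alias": field(listing, "Alias name"),
        "self_signed": field(listing, "Owner") == field(listing, "Issuer"),
        "validity_days": (parse_date(end) - parse_date(start)).days,
        "sig_alg": field(listing, "Signature algorithm name"),
    }
    findings = []
    if facts["type"] != expected_type:  # assumed to mirror key-store-type
        findings.append(f"keystore type {facts['type']} != configured {expected_type}")
    if facts["self_signed"]:
        findings.append("self-signed: browsers and clients will not trust it")
    if facts["validity_days"] < min_days:  # min_days is an assumed policy value
        findings.append(f"valid for only {facts['validity_days']} days")
    if re.search(r"MD5|SHA1", facts["sig_alg"], re.I):
        findings.append(f"weak signature algorithm {facts['sig_alg']}")
    return facts, findings

if __name__ == "__main__":
    facts, findings = audit_listing(SAMPLE_LISTING)
    print(facts)
    for finding in findings:
        print("FINDING:", finding)
```

The 90-day result is keytool's default validity, which applies because the generation command above omits -validity.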
Configure SSL/HTTPS in Spring Boot
- Copy the generated securitykeystore.p12 keystore into the resources folder.
- Add the keystore properties below to application.yml.
server:
  port: 8083
  ssl:
    key-store-password: techgeeknext123
    key-store: classpath:securitykeystore.p12
    key-store-type: PKCS12
    key-alias: techgeeknext-alias
Let's take a quick look at the above SSL configuration properties:
- server.port: Port on which the server is listening. We have used 8083 rather than the default 8080 port.
- server.ssl.key-store: Path to the key store that contains the SSL certificate. In this example, we need Spring Boot to look for it in the classpath.
- server.ssl.key-store-password: Password used to access the key store.
- server.ssl.key-store-type: Type of the key store (PKCS12).
- server.ssl.key-alias: Alias that identifies the key in the key store.
- server.ssl.key-password: Password used to access the key in the key store.
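As an added example (not code from the original tutorial), the Python check below flattens the application.yml shown above and reports the two settings a security review would question: the keystore password written as a literal, and the keystore shipped on the classpath. The second sample config and the environment variable names SSL_KEYSTORE_PASSWORD and SSL_KEYSTORE_PATH are assumptions, and the parser only handles this simple nested layout.

```python
import re

# Constructed sample: the application.yml from this page, laid out as YAML.
PAGE_CONFIG = """\
server:
  port: 8083
  ssl:
    key-store-password: techgeeknext123
    key-store: classpath:securitykeystore.p12
    key-store-type: PKCS12
    key-alias: techgeeknext-alias
"""

# Constructed sample: same listener, with secret and keystore kept outside the
# jar. The environment variable names are assumptions.
EXTERNALIZED_CONFIG = """\
server:
  port: 8083
  ssl:
    key-store-password: ${SSL_KEYSTORE_PASSWORD}
    key-store: file:${SSL_KEYSTORE_PATH}
    key-store-type: PKCS12
    key-alias: techgeeknext-alias
"""

def flatten(yaml_text):
    """Flatten a nested block mapping (2-space indents, scalars only) to dotted keys."""
    props, stack = {}, []
    for line in yaml_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        depth = (len(line) - len(line.lstrip())) // 2
        key, _, value = line.strip().partition(":")
        stack[depth:] = [key]          # replace this level and drop deeper ones
        if value.strip():
            props[".".join(stack)] = value.strip()
    return props

def audit_ssl_config(yaml_text):
    """Return findings for literal secrets and a keystore packaged in the jar."""
    props, findings = flatten(yaml_text), []
    for key in ("server.ssl.key-store-password", "server.ssl.key-password"):
        value = props.get(key)
        if value and not re.fullmatch(r"\$\{[^}]+\}", value):
            findings.append(f"{key} is a literal secret in the config file")
    if props.get("server.ssl.key-store", "").startswith("classpath:"):
        findings.append("server.ssl.key-store is packaged inside the application jar")
    return findings
```

Spring resolves ${...} placeholders from environment variables at startup, so the second layout keeps both the keystore file and its password out of the packaged jar and the source repository.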
Testing HTTPS
- First, let's try the http URL to see whether the request is processed.
http://localhost:8083/hello/user?name=TestUser
Spring Boot will not process the http request as it is not secured.
- Now try the https URL. By default, the browser does not trust the self-signed certificate. To accept it, click the Advanced button and proceed to localhost.
Once you click Proceed to localhost, the https URL is shown.
- Enter valid credentials with user authorities.
Enter Username: user and Password: userPass
Download Source Code
The full source code for this article can be downloaded here: Spring Boot - Enable HTTPS