Overview
In this tutorial, we will use a self-signed certificate for our Spring Boot application so that we can access it over HTTPS.
We will not cover what SSL is or why we need it in this tutorial.
Generate p12 file
To use SSL we need to generate a P12 file and the command to generate it is:
keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore demo.p12 -validity 3650
After running the command, keytool prompts for each value in turn:
PS C:\Users\yubaraj> keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore demo.p12 -validity 3650
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]:
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
[no]: yes
Set a password of at least 6 characters; the other prompts can be left at their defaults.
When this step finishes, it should have generated a file named demo.p12.
Let’s copy this file to our Spring Boot project directory. (I prefer to save it on the classpath, i.e. in the resources folder.)
Now update your application.yml file as follows:
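server:
  ssl:
    enabled: true
    key-store-type: PKCS12
    key-store: classpath:keystore/demo.p12
    key-store-password: 123456
    # This is the password you entered during demo.p12 file generation.
    # Outside a local demo, supply it from an environment variable or external config instead of committing it.
    key-alias: demo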
Let’s start our Spring Boot application and try to access it at localhost:8080. It should display a message like:
This is because we need to access our API with HTTPS.
So browse to https://localhost:8080 instead; you may see an error:
This is because we are using a self-signed certificate to secure our API call and that certificate is not trusted by our browser.
Let’s click the Advanced button and then the Continue to localhost (unsafe) link.
It should work.
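Before accepting the browser warning, it helps to confirm that the certificate the server presents is the one just generated. The following Java 17+ program is an added example, not part of the original tutorial or its repository; it inspects demo.p12 and prints the SHA-256 fingerprint to compare with the one in the browser's certificate viewer. The class name KeystoreCheck and the KEYSTORE_PASSWORD environment variable are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Collection;
import java.util.HexFormat;
import java.util.List;

// Added example, not part of the tutorial's project. Requires Java 17+.
// Run: java KeystoreCheck.java src/main/resources/keystore/demo.p12 demo
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        Path file = Path.of(args.length > 0 ? args[0] : "demo.p12");
        String alias = args.length > 1 ? args[1] : "demo";
        // KEYSTORE_PASSWORD is an assumed variable name; it keeps the password off the command line.
        String password = System.getenv("KEYSTORE_PASSWORD");
        if (password == null) throw new IllegalStateException("Set KEYSTORE_PASSWORD first");

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password.toCharArray()); // fails with IOException on a wrong password
        }
        // Spring Boot needs a private-key entry under key-alias, not just a certificate.
        if (!ks.isKeyEntry(alias)) throw new IllegalStateException("No key entry for alias " + alias);

        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity();              // throws if expired or not yet valid
        cert.verify(cert.getPublicKey());  // throws unless the certificate is really self-signed

        System.out.println("Subject : " + cert.getSubjectX500Principal().getName());
        System.out.println("Expires : " + cert.getNotAfter());
        if (cert.getPublicKey() instanceof RSAPublicKey rsa) {
            System.out.println("RSA bits: " + rsa.getModulus().bitLength());
        }
        // Each SAN entry is a [type, value] pair; type 2 is a DNS name, type 7 an IP address.
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        System.out.println("SAN     : " + (sans == null ? "none" : sans));

        // Compare this with the SHA-256 fingerprint shown in the browser's certificate viewer.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        System.out.println("SHA-256 : " + HexFormat.ofDelimiter(":").withUpperCase().formatHex(digest));
    }
}
```

If the fingerprint in the browser differs from the one printed here, the server is not presenting the certificate from demo.p12.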
Note: If your configuration does not work, the complete example can be found at https://github.com/yubarajkalathoki/blog-examples/tree/main/example-1.
Cheers! 🙂