Secure web connection is required and becomes standard today. In this Spring Boot tutorial, I’d be happy to share with you about HTTPS configuration for a Spring Boot application, for local development purpose, with a self-signed certificate.

To follow this guide, you must have JDK (Java Development Kit) installed on your computer so you can use its keytool for creating SSL certificate, and I suppose that you’re developing a Spring Boot project.

 

1. Generate Self-Signed Certificate using Java keytool

The SSL protocol requires a server provide a digital certificate which is trusted by an authority. Then clients will be able to establish a secure connection to your application. For development on localhost, you can create a self-signed certificate which is then installed to be trusted by your web browsers.

Open a new command prompt window, and type the following command:

keytool -genkeypair -alias local_ssl -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore local-ssl.p12 –validity 365 -ext san=dns:localhost

This command will generate a key pair (public key and private key) using RSA cryptography algorithm. Let me explain the arguments for the keytool program:

• -genkeypair: generates a key pair
• -alias local_ssl: specifies the alias of the keypair is local_ssl, which uniquely identifies it.
• -keyalg RSA: specifies the algorithm to be used is RSA
• -keysize 2048: specifies the size of the key is 2048 bit
• -storetype PKCS12: specifies the file format to store the key pair is PKCS12
• -keystore local-ssl.p12: species name of the file that stores the key pair is local-ssl.p12
• -validity 365: specifies the expiration date will be 365 days from now
• -ext san=dns:localhost: includes an X.509 extension for Subject Alternate Name (SAN) – a SAN is required so the certificate will be trusted by browsers on localhost

NOTE: the keytool program is available in JDK’s bin directory, so you may need to change the current directory to JDK_HOME\bin if you don’t have setup for JAVA_HOME environment variable.

Then you have to enter password for the keystore as well as supplying some extra information, as shown below:

The result is a keystore file named local-ssl.p12 created in the current directory.

2. Enable SSL for Spring Boot Application

Copy the local-ssl.p12 file to your Spring Boot project, under src/main/resources like this:

Then enable SSL for embedded Tomcat server in the Spring Boot application configuration file (application.yml in my case) as follows:

server:

  port: 443

  servlet:

    context-path: /

  ssl:

    enabled: true

    key-alias: local_ssl

    key-store: classpath:local-ssl.p12

    key-store-type: PKCS12

    key-password: <keystore_password>

    key-store-password: <keystore_password>

Now, you can start your Spring Boot application. And notice the embedded Tomcat server is now listening on HTTPS port number (443):

Then try to access https://localhost in Chrome browser, you should see an error like this:

This is because the self-signed SSL certificate sent from the server is not trusted by the browser. Don’t worry. See the next step below.

3. Install Self-Signed Certificate

Now you have to generate a certificate file from the keystore file. Use the keytool program with this command:

keytool -export -keystore local-ssl.p12 -alias local_ssl -file local-cert.crt

This command exports a digital certificate from the specified keystore file. You need to provide password:

Now, open Windows Explorer and navigate to the directory where the local-cert.crt file created. Right-click on the file and click Install Certificate:

Then in the first screen of Certificate Import Wizard, click Next. Click Browse, and choose Trusted Root Certification Authorities:

Click OK. Click Next. And Click Finish to complete the Certificate Import wizard. You should see a security warning, and click Yes to install the certificate.

Now, restart your browser and reload https://localhost URL, you should see a security padlock appears like this:

Congratulations! You have successfully configured secure connection (HTTPS) for a Spring Boot application using self-signed certificate. To see the steps in action, I recommend you watch the following video:

 

Spring Security Tutorials:

• Spring Security Role-based Authorization Tutorial
• Spring Security Customize Login and Logout
• How to Get Logged-in User's Details with Spring Security
• Spring Security: Prevent User from Going Back to Login Page if Already logged in

 

Other Spring Boot Tutorials:

• How to create a Spring Boot Web Application (Spring MVC with JSP/ThymeLeaf)
• Spring Boot CRUD Example with Spring MVC – Spring Data JPA – ThymeLeaf - Hibernate - MySQL
• Spring Boot Registration and Login with MySQL Database Tutorial
• Spring Boot Hello World RESTful Web Services Tutorial
• Spring Boot Thymeleaf Form Handling Tutorial
• Spring Data JPA Paging and Sorting Examples
• Spring Boot Error Handling Guide
• Spring Boot Logging Basics