Last Updated on 01 September 2021
A secure web connection is required and has become standard today. In this Spring Boot tutorial, I’d be happy to share with you how to configure HTTPS for a Spring Boot application, for local development purposes, with a self-signed certificate.
To follow this guide, you must have the JDK (Java Development Kit) installed on your computer so you can use its keytool for creating the SSL certificate, and I suppose that you’re developing a Spring Boot project.
1. Generate Self-Signed Certificate using Java keytool
The SSL protocol requires a server to provide a digital certificate that is trusted by an authority. Clients will then be able to establish a secure connection to your application. For development on localhost, you can create a self-signed certificate, which is then installed so that it is trusted by your web browsers.
Open a new command prompt window, and type the following command:
This command will generate a key pair (public key and private key) using the RSA algorithm. Let me explain the arguments for the keytool program:
-genkeypair: generates a key pair
-alias local_ssl: specifies that the alias of the key pair is local_ssl, which uniquely identifies it
-keyalg RSA: specifies the algorithm to be used is RSA
-keysize 2048: specifies the size of the key is 2048 bits
-storetype PKCS12: specifies the file format to store the key pair is PKCS12
-keystore local-ssl.p12: specifies that the name of the file that stores the key pair is local-ssl.p12
-validity 365: specifies that the certificate will expire 365 days from now
-ext san=dns:localhost: includes an X.509 extension for Subject Alternative Name (SAN) – a SAN is required so the certificate will be trusted by browsers on localhost
NOTE: the keytool program is available in the JDK’s bin directory, so you may need to change the current directory to JDK_HOME\bin if you haven’t set up the JAVA_HOME environment variable.
Then you have to enter a password for the keystore and supply some extra information, as shown below:
The result is a keystore file named local-ssl.p12 created in the current directory.
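A pre-flight check for the keystore produced in this step, as an added example that is not part of the original tutorial: it loads local-ssl.p12 with the JDK's KeyStore API and confirms the local_ssl key entry, the validity window, the dns:localhost SAN and the RSA key size. The class name KeystoreCheck is an assumption, and the code assumes Java 11 or later; the file name and alias are the ones used above.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.time.Duration;
import java.time.Instant;
import java.util.List;

// Added example, not from the tutorial. Run: java KeystoreCheck.java local-ssl.p12
public class KeystoreCheck {
    static final String ALIAS = "local_ssl"; // alias passed to keytool in step 1

    public static void main(String[] args) throws Exception {
        if (args.length != 1 || System.console() == null) {
            System.err.println("usage: java KeystoreCheck.java <keystore.p12> (interactive console needed)");
            System.exit(2);
        }
        // Prompt instead of taking the password as an argument, so it stays out of shell history.
        char[] password = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Path.of(args[0]))) {
            ks.load(in, password); // wrong password or damaged file -> IOException
        }
        if (!ks.isKeyEntry(ALIAS)) {
            throw new IllegalStateException("no private-key entry under alias " + ALIAS);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(ALIAS);
        cert.checkValidity(); // throws if expired or not yet valid

        // Self-signed: issuer equals subject and the signature verifies with the cert's own key.
        boolean selfSigned = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        cert.verify(cert.getPublicKey()); // throws if the signature does not verify

        // SAN entries are [type, value] lists; type 2 is dNSName (RFC 5280).
        boolean sanOk = false;
        if (cert.getSubjectAlternativeNames() != null) { // null when the extension is absent
            for (List<?> san : cert.getSubjectAlternativeNames()) {
                sanOk |= Integer.valueOf(2).equals(san.get(0)) && "localhost".equals(san.get(1));
            }
        }
        if (!sanOk) {
            throw new IllegalStateException("certificate has no SAN dns:localhost");
        }
        int bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength(); // RSA key assumed
        long daysLeft = Duration.between(Instant.now(), cert.getNotAfter().toInstant()).toDays();
        System.out.printf("alias=%s selfSigned=%b rsaBits=%d daysLeft=%d%n", ALIAS, selfSigned, bits, daysLeft);
    }
}
```

A missing SAN is the failure to look for first: the certificate still installs, but the browser keeps rejecting https://localhost.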
2. Enable SSL for Spring Boot Application
Copy the local-ssl.p12 file to your Spring Boot project, under src/main/resources like this:
Then enable SSL for embedded Tomcat server in the Spring Boot application configuration file (application.yml in my case) as follows:
server:
  port: 443
  servlet:
    context-path: /
  ssl:
    enabled: true
    key-alias: local_ssl
    key-store: classpath:local-ssl.p12
    key-store-type: PKCS12
    key-password: <keystore_password>
    key-store-password: <keystore_password>
Now you can start your Spring Boot application. Notice that the embedded Tomcat server is now listening on the HTTPS port number (443):
Then try to access https://localhost in the Chrome browser. You should see an error like this:
This is because the self-signed SSL certificate sent from the server is not trusted by the browser. Don’t worry. See the next step below.
3. Install Self-Signed Certificate
Now you have to generate a certificate file from the keystore file. Use the keytool program with this command:
This command exports a digital certificate from the specified keystore file. You need to provide the password:
Now, open Windows Explorer and navigate to the directory where the local-cert.crt file was created. Right-click on the file and click Install Certificate:
Then, in the first screen of the Certificate Import Wizard, click Next. Click Browse, and choose Trusted Root Certification Authorities:
Click OK. Click Next. Then click Finish to complete the Certificate Import Wizard. You should see a security warning; click Yes to install the certificate.
Now, restart your browser and reload the https://localhost URL. You should see a security padlock appear like this:
Congratulations! You have successfully configured a secure connection (HTTPS) for a Spring Boot application using a self-signed certificate.
Nam Ha Minh is a certified Java programmer (SCJP and SCWCD). He started programming with Java in the time of Java 1.4 and has been falling in love with Java since then.