How to Configure SSL on a Spring Boot Application

Posted By Harikesh Maurya | 30-Apr-2019

Setting up SSL on a Spring Boot application requires three simple steps:

  1. Generating a self-signed certificate

  2. Configuring SSL in the Spring Boot application

  3. Redirecting HTTP to the HTTPS port (if required)

 

1. Generating self-signed certificate

SSL (Secure Sockets Layer) is an industry-standard protocol for a secure connection between two systems. It prevents hackers from reading and modifying any information transferred.

 

There are two ways to get an SSL certificate:

  1. Get one from a Certificate Authority, or

  2. Generate a self-signed certificate

 

Here are the steps to generate a self-signed certificate:

keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -keystore oodles.jks -validity 3650

This will then ask for a password:

Enter keystore password: 
Re-enter new password:

Then finally answer a few questions and your certificate is ready.
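
The same key pair can be generated without the interactive prompts, which helps when the step has to be repeatable. This is an added example, not part of the original post; the KS_PASS environment variable, the -dname values and the SAN entries are assumptions.

```shell
#!/bin/sh
# Added example: scripted form of step 1 (not from the original post).
# Assumptions: KS_PASS environment variable, the -dname values, the SAN entries.

# make_keystore FILE
# Creates the same RSA-2048 key pair under alias "tomcat" without any prompts.
make_keystore() {
    ks_file=$1
    # keytool rejects passwords shorter than 6 characters; fail early and clearly.
    [ "${#KS_PASS}" -ge 6 ] || { echo "KS_PASS must be set (6+ chars)" >&2; return 2; }
    # Do not touch an existing keystore.
    [ ! -e "$ks_file" ] || { echo "$ks_file already exists" >&2; return 3; }
    # -storepass:env / -keypass:env read the password from the environment,
    # so it is not passed as a command-line argument (visible in the process list).
    # -dname answers the identity questions; -ext adds subjectAltName entries
    # so clients that verify the host name can match "localhost".
    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
        -keystore "$ks_file" -storetype JKS -validity 3650 \
        -storepass:env KS_PASS -keypass:env KS_PASS \
        -dname "CN=localhost, OU=Dev, O=Example, C=US" \
        -ext "SAN=dns:localhost,ip:127.0.0.1"
}

# check_keystore FILE
# Succeeds only if alias "tomcat" exists and holds a private key.
check_keystore() {
    keytool -list -keystore "$1" -storepass:env KS_PASS -alias tomcat 2>/dev/null |
        grep -q "PrivateKeyEntry"
}
```

Export KS_PASS, then call make_keystore oodles.jks followed by check_keystore oodles.jks; the second call returns non-zero if the alias is missing or the password does not open the keystore.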

 

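2. Now configure your SSL certificate in the Spring application by adding the generated self-signed certificate's properties to your application.properties file:

# HTTPS port
server.port=8443
# Spring Boot 1.x property; Spring Boot 2.x no longer reads it
security.require-ssl=true
server.ssl.key-store-type=JKS
# Resolved from the classpath, e.g. src/main/resources/certificate/oodles.jks
server.ssl.key-store=classpath:certificate/oodles.jks
# Keystore password chosen in step 1
server.ssl.key-store-password=password
# Alias given to keytool in step 1
server.ssl.key-alias=tomcat
server.ssl.key-store-provider=SunJSSE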

Now you can run your application on https://localhost:8443

 

Note: the browser will show https as not trusted because your certificate is self-signed. To resolve this, you have to buy a certificate from a Certificate Authority.

 

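3. The last step is to redirect the application from HTTP to HTTPS (optional)

For this, we need to add a TomcatServletWebServerFactory bean to one of our @Configuration classes. All traffic that arrives on HTTP port 8080 is then redirected to HTTPS port 8443, so that the full site is secured.

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class SslConfig {

    // HTTPS port from application.properties (8443)
    @Value("${server.port}")
    private int port;

    @Bean
    public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // CONFIDENTIAL makes Tomcat require a secure transport for every
                // matching URL, so plain HTTP requests are redirected.
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        // Extra plain-HTTP connector whose only job is to redirect to HTTPS
        tomcat.addAdditionalTomcatConnectors(redirectConnector());
        return tomcat;
    }

    private Connector redirectConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(8080);
        // Requests that need a secure transport are sent to this port
        connector.setRedirectPort(port);
        return connector;
    }
}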
 
 
 