How to Configure SSL on a Spring Boot Application
Posted By : Harikesh Maurya | 09-Mar-2021
Setting up SSL on a Spring Boot application requires three simple steps:
- Generating a self-signed certificate
- Configuring SSL in the Spring Boot application
- Redirecting HTTP to the HTTPS port (if required)
1. Generating self-signed certificate
SSL (Secure Sockets Layer) is an industry-standard protocol for a secure connection between two systems. It prevents hackers from reading and modifying any information transferred. Modern servers negotiate its successor, TLS, although the name SSL is still widely used.
There are two ways to get an SSL certificate:
- Get one from a Certificate Authority, or
- Generate a self-signed certificate
Here are the steps to generate a self-signed certificate:

    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -keystore oodles.jks -validity 3650

This will then ask for a password:

    Enter keystore password:
    Re-enter new password:

Finally, answer a few questions and your certificate is ready.
2. Now configure your SSL certificate in the Spring application by adding the generated self-signed certificate properties to your application.properties file

    server.port=8443
    # Spring Boot 1.x property (not used by Spring Boot 2.x)
    security.require-ssl=true
    server.ssl.key-store-type=JKS
    server.ssl.key-store=classpath:certificate/oodles.jks
    server.ssl.key-store-password=password
    server.ssl.key-alias=tomcat
    server.ssl.key-store-provider=SunJSSE

Now you can run your application on https://localhost:8443
Note: The browser will mark the https connection as not trusted, because the certificate is self-signed. To resolve this, you have to buy a certificate from a Certificate Authority.
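An added example (not from the original post): a small Python check that audits the application.properties above for a keystore password stored as a literal, the Spring Boot 1.x-only `security.require-ssl` key, and TLS protocol versions that are not pinned. The hardened variant and the `KEYSTORE_PASSWORD` variable name are assumptions made for illustration.

```python
import re

# The application.properties from this article, reproduced as sample input.
ARTICLE_PROPS = """\
server.port=8443
security.require-ssl=true
server.ssl.key-store-type=JKS
server.ssl.key-store=classpath:certificate/oodles.jks
server.ssl.key-store-password=password
server.ssl.key-alias=tomcat
server.ssl.key-store-provider=SunJSSE
"""

# Constructed variant: password read from an environment variable
# (KEYSTORE_PASSWORD is an assumed name) and protocol versions pinned.
HARDENED_PROPS = """\
server.port=8443
server.ssl.key-store-type=JKS
server.ssl.key-store=classpath:certificate/oodles.jks
server.ssl.key-store-password=${KEYSTORE_PASSWORD}
server.ssl.key-alias=tomcat
server.ssl.enabled-protocols=TLSv1.2,TLSv1.3
"""

PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")  # value resolved outside the file

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_ssl_properties(text):
    """Return sorted finding codes for a Spring Boot SSL configuration."""
    props, findings = parse_properties(text), []
    for key in ("server.ssl.key-store-password", "server.ssl.key-password"):
        if props.get(key) and not PLACEHOLDER.match(props[key]):
            findings.append("literal-secret:" + key)  # secret committed with the source
    if "security.require-ssl" in props:  # Spring Boot 1.x property, ignored by 2.x
        findings.append("legacy-property:security.require-ssl")
    protocols = [p.strip() for p in props.get("server.ssl.enabled-protocols", "").split(",") if p.strip()]
    if not protocols:
        findings.append("protocols-not-pinned")  # server defaults apply
    elif set(protocols) & {"SSLv3", "TLSv1", "TLSv1.1"}:
        findings.append("legacy-protocol-enabled")
    return sorted(findings)
```

Calling `audit_ssl_properties(ARTICLE_PROPS)` reports three findings, while the hardened variant reports none.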
3. The last step is to redirect the application from HTTP to HTTPS (optional)
For this we need to add a TomcatServletWebServerFactory bean to one of our @Configuration classes. All traffic that arrives on HTTP port 8080 is then redirected to HTTPS port 8443, so that the full site is secured.
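
    import org.apache.catalina.Context;
    import org.apache.catalina.connector.Connector;
    import org.apache.tomcat.util.descriptor.web.SecurityCollection;
    import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
    import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    @Configuration
    public class SslConfig {

        // HTTPS port taken from server.port in application.properties
        @Value("${server.port}")
        private int port;

        @Bean
        public ServletWebServerFactory servletContainer() {
            TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
                @Override
                protected void postProcessContext(Context context) {
                    // Require a confidential (HTTPS) transport for every URL
                    SecurityConstraint securityConstraint = new SecurityConstraint();
                    securityConstraint.setUserConstraint("CONFIDENTIAL");
                    SecurityCollection collection = new SecurityCollection();
                    collection.addPattern("/*");
                    securityConstraint.addCollection(collection);
                    context.addConstraint(securityConstraint);
                }
            };
            tomcat.addAdditionalTomcatConnectors(redirectConnector());
            return tomcat;
        }

        // Plain HTTP connector on 8080 that redirects to the HTTPS port
        private Connector redirectConnector() {
            Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
            connector.setScheme("http");
            connector.setPort(8080);
            connector.setRedirectPort(port);
            return connector;
        }
    }
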
About Author
Harikesh Maurya
Harikesh is an Experienced Software Engineer with a demonstrated history of working in the information technology and services industry. Skilled in Java Enterprise Edition, Java, Spring Boot, Spring Security, and Hibernate. He has a good sense of humor.