HTTPS is a variant of HTTP which enables encrypted data transmission between server and client. It is therefore recommended, that you create the servlet container client (CAE) connection via HTTPS. This chapter describes how you create a key and how you configure Tomcat to use this key.
Creating a Key
To connect client and server application via HTTPS you must generate a key for the servlet container. This key is sent from server to client with each query of the client to the server. Upon every single request, the client decides whether the sender of the key is trustworthy.
The tool for creating the key is supplied with the JDK. You create the key with the following entries:
In this way you call the program keytool in the directory <java-home>/bin. You initiate creation of the key (-genkey) with the alias name (-alias spring-boot `). A key is created according to the RSA algorithm. The key is saved in the `-keystore file /example/coremedia/coremedia.keystore (here you can enter your own path/name). If you already have a key store file, you must enter the location of this file.
At the next input request, enter a password. If you want to save the key in an already existing key store, you must enter the password of this file.
At the next input request, enter the name of the server (the entry given below is an example).
What is your first and last name?
Confirm the following input requests with <Return>, until you are asked to confirm the correctness of the previous entries.
Enter "y" and <Return> to confirm the previous entries. You can cancel by entering <Return>.
After a short pause, you are asked for the "key password for < Spring Boot>".
Enter the password you have defined in step 2 for your newly created key with the alias "tomcat".
Congratulations, you have successfully performed all steps to create a key.
Spring Boot Configuration
With Spring Boot, configuring SSL can be done entirely by specifying a set of properties. For a complete reference of properties available, see common Spring application properties and look for server.ssl. prefix. For the current example, configure the properties below: