Preparing Spring Boot Applications for HTTPS Connections

Last updated 2 minutes ago

Learn how to encrypt your connection to Spring Boot applications

LightbulbWhat you'll learn

  • Create a KeyStore file
  • Encrypt your connection

Person reading a bookPrerequisites

  • A CoreMedia system
  • Knowledge about the CoreMedia system's file structure, configuration, and operation

WristwatchTime matters

Reading time: 3 to 5 minutes

Person in front of a laptopShould I read this?

This guide is for Developers, Administrators.

HTTPS is a variant of HTTP which enables encrypted data transmission between server and client. It is therefore recommended, that you create the servlet container client (CAE) connection via HTTPS. This chapter describes how you create a key and how you configure Tomcat to use this key.

Creating a Key

To connect client and server application via HTTPS you must generate a key for the servlet container. This key is sent from server to client with each query of the client to the server. Upon every single request, the client decides whether the sender of the key is trustworthy.

Steps

The tool for creating the key is supplied with the JDK. You create the key with the following entries:

  1. Enter the following command:

    <java-home>/bin/keytool -genkey -alias spring-boot \
      -keyalg RSA \
      -storetype PKCS12 \
      -keysize 2048 \
      -keystore /example/coremedia/coremedia.keystore \
    • In this way you call the program keytool in the directory <java-home>/bin. You initiate creation of the key (-genkey) with the alias name (-alias spring-boot `). A key is created according to the RSA algorithm. The key is saved in the `-keystore file /example/coremedia/coremedia.keystore (here you can enter your own path/name). If you already have a key store file, you must enter the location of this file.

  1. At the next input request, enter a password. If you want to save the key in an already existing key store, you must enter the password of this file.

  2. At the next input request, enter the name of the server (the entry given below is an example).

    What is your first and last name?

    [Unknown]: webserver.coremedia.com

  3. Confirm the following input requests with <Return>, until you are asked to confirm the correctness of the previous entries.

  4. Enter "y" and <Return> to confirm the previous entries. You can cancel by entering <Return>.

    After a short pause, you are asked for the "key password for < Spring Boot>".

  5. Enter the password you have defined in step 2 for your newly created key with the alias "tomcat".

Congratulations, you have successfully performed all steps to create a key.

Spring Boot Configuration

With Spring Boot, configuring SSL can be done entirely by specifying a set of properties. For a complete reference of properties available, see common Spring application properties and look for server.ssl. prefix. For the current example, configure the properties below:

server.ssl.enabled=true
server.ssl.key-alias=spring-boot
server.ssl.key-password=changeit
server.ssl.key-store=/example/coremedia/coremedia.keystore
server.ssl.key-store-type=PKCS12
server.ssl.key-store-password=changeit
Copyright © 2021 CoreMedia GmbH, CoreMedia Corporation. All Rights Reserved.