Spring Boot - enable and configure SSL certificate










I have these certificates / files in order to enable SSL for my application:

certificates

I found out that these properties are needed for Spring Boot to enable HTTPS:

server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.p12
server.ssl.key-store-password=****
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat

but this does not work. My question now would be what do I have to do in order to get it to work? https://abc.lehr.co.at should be the URL.

[EDIT]

I have created my own keystore - with this I get the following exception:

java.io.IOException: Alias name tomcat does not identify a key entry
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:596)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:534)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:363)
    at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:739)
    at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:472)
    at org.apache.coyote.http11.Http11NioProtocol.start(Http11NioProtocol.java:81)
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:986)

My keystore looks like this:

Keystore

Actually I don't know what to import into the keystore for embedded Tomcat (Spring Boot).







ssl spring-boot https






asked Mar 28 '18 at 12:11 by quma (edited Mar 29 '18 at 12:22)












  • server.ssl.enabled=true would be a good start.
    – Marc Tarin
    Mar 28 '18 at 12:26

  • There are tons of examples available online. Give it a try first, and if you are stuck, give us the detail of what you tried and what failed.
    – Marc Tarin
    Mar 28 '18 at 12:55

  • stackoverflow.com/questions/29522114/…
    – Bhushan Uniyal
    Apr 3 '18 at 13:22

  • Does anyone know how to achieve the above programmatically in Spring Boot? We have to read the keystore file path and password at run time from a remote location and fill in this assuming SSL object and would like Spring to inject that as part of its initialization. Any idea?
    – Simple-Solution
    Jul 13 '18 at 18:00

















4 Answers
To enable SSL, you must provide a private key, and not a trusted certificate.

In your keystore, 'tomcat' should be listed as an alias for a PrivateKeyEntry and not a trustedCertEntry.







answered Mar 31 '18 at 21:32 by Camille Vienot (edited Mar 31 '18 at 23:00)























You have to pack your private keys into a PFX or P12 file, specifying aliases. So, it will be picked up accordingly from the keyStore after loading materials.

Use this tool to figure out what the aliases are:

keytool -list -storetype pkcs12 -keystore my_debug_keystore.p12 -storepass debug






answered Apr 4 '18 at 22:45 by AlexGera
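Added example (not part of the two answers above and not the posters' code): a pre-start check that ties together the PrivateKeyEntry requirement from the first answer and the `keytool -list` inspection from the second, plus the `openssl pkcs12 -export` step that packs a PEM key and certificate under a chosen alias. The function names, the `KS_PASS` environment variable and the listings embedded below are assumptions constructed for illustration; the password is read from the environment so it does not appear in the process list.

```sh
#!/bin/sh
# Added example, not code from the answers. KS_PASS, the file arguments and
# the function names are assumptions made for this illustration.

# Read a non-verbose `keytool -list` listing on stdin and print the entry
# type recorded for alias $1 (e.g. PrivateKeyEntry, trustedCertEntry), or
# "missing". Aliases are compared case-insensitively, as JDK keystores do.
alias_kind() {
  awk -v want="$1" '
    BEGIN { want = tolower(want); kind = "missing" }
    {
      # Entry lines look like: <alias>, <date>, <EntryType>,
      n = index($0, ", ")
      if (n == 0 || tolower(substr($0, 1, n - 1)) != want) next
      if (match($0, /, [A-Za-z]+Entry,/)) kind = substr($0, RSTART + 2, RLENGTH - 3)
    }
    END { print kind }'
}

# Succeeds only when the alias holds a private key, which is what
# server.ssl.keyAlias has to point at.
is_key_entry() { [ "$(alias_kind "$1")" = "PrivateKeyEntry" ]; }

# Pack a PEM private key and certificate (plus an optional chain file) into
# a PKCS12 keystore under the given alias.
# usage: build_p12 key.pem cert.pem alias out.p12 [chain.pem]
build_p12() {
  openssl pkcs12 -export -inkey "$1" -in "$2" ${5:+-certfile "$5"} \
    -name "$3" -out "$4" -passout env:KS_PASS
}

# List a real keystore and classify the alias Spring Boot will ask for.
# usage: preflight keystore.p12 alias
preflight() {
  keytool -J-Duser.language=en -list -storetype PKCS12 \
    -keystore "$1" -storepass:env KS_PASS | alias_kind "$2"
}

# Constructed listing: only certificates were imported, so "tomcat" is a
# trusted certificate and cannot serve TLS.
BROKEN_LISTING='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

root, Mar 29, 2018, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>
tomcat, Mar 29, 2018, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>'

# Constructed listing: key and certificate were packed together under "tomcat".
FIXED_LISTING='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

root, Mar 29, 2018, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>
tomcat, Mar 29, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <placeholder>'

printf '%s\n' "$BROKEN_LISTING" | alias_kind tomcat   # trustedCertEntry
printf '%s\n' "$FIXED_LISTING"  | alias_kind tomcat   # PrivateKeyEntry
```

With `KS_PASS` exported, `preflight src/main/resources/keystore.p12 tomcat` runs the same classification against the real file; a result of `trustedCertEntry` corresponds to the "does not identify a key entry" exception in the question.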





















I'd suggest you create your KeyStore in JKS format:

keytool -genkey -keyalg RSA -alias my_alias -keystore keystore.jks -storepass password -validity 360 -keysize 2048

then add the configuration:

server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.jks
server.ssl.key-store-password=****
server.ssl.keyStoreType=JKS
server.ssl.keyAlias=my_alias






answered Apr 7 '18 at 18:35 by rena





















server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.p12
server.ssl.key-store-password=****
server.ssl.keyStoreType=PKCS12
# This should be the alias of yourfile.12; if you have forgotten it, just create a new one and replace it
server.ssl.keyAlias=tomcat

And don't forget to add

# Tell Spring Security (if used) to require requests over HTTPS
security.require-ssl=true






answered Nov 14 '18 at 11:47 by joe cutter












  • security.require-ssl=true is deprecated in Spring Boot 2
    – jarosik
    Dec 1 '18 at 21:36
















