Spring Boot - enable and configure SSL certificate
I have this certificates / files in order to enable SSL for my application:
I found out that this properties are needed for Spring Boot to enable HTTPS:
server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.p12
server.ssl.key-store-password=****
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat
but this does not work. My question now would be what do I have to do in order to get it work? https://abc.lehr.co.at should be the URL.
[EDIT]
I have created my own keystore - with this I get the following exception:
java.io.IOException: Alias name tomcat does not identify a key entry
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:596)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:534)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:363)
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:739)
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:472)
at org.apache.coyote.http11.Http11NioProtocol.start(Http11NioProtocol.java:81)
at org.apache.catalina.connector.Connector.startInternal(Connector.java:986)
My keystore looks like this:
Actually I don't know what to import into keystore for embedded tomcat (Spring Boot).
ssl spring-boot https
asked Mar 28 '18 at 12:11
qumaquma
71783480
add a comment |
I have this certificates / files in order to enable SSL for my application:
I found out that this properties are needed for Spring Boot to enable HTTPS:
server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.p12
server.ssl.key-store-password=****
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat
but this does not work. My question now would be what do I have to do in order to get it work? https://abc.lehr.co.at should be the URL.
[EDIT]
I have created my own keystore - with this I get the following exception:
java.io.IOException: Alias name tomcat does not identify a key entry
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:596)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:534)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:363)
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:739)
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:472)
at org.apache.coyote.http11.Http11NioProtocol.start(Http11NioProtocol.java:81)
at org.apache.catalina.connector.Connector.startInternal(Connector.java:986)
My keystore looks like this:
Actually I don't know what to import into keystore for embedded tomcat (Spring Boot).
ssl spring-boot https
asked Mar 28 '18 at 12:11
qumaquma
71783480
server.ssl.enabled=truewould be a good start.
– Marc Tarin
Mar 28 '18 at 12:26
1
There are tons of example available online. Give it a try first, and if you are stuck, give us the detail of what you tried and what failed.
– Marc Tarin
Mar 28 '18 at 12:55
1
stackoverflow.com/questions/29522114/…
– Bhushan Uniyal
Apr 3 '18 at 13:22
1
Does anyone know how to achieve above pro grammatically in spring boot. We've to read keystore file path and password at run time from a remote location and fill in this assuming SSL object and would like spring to inject that as part of it's initialization. Anyidea?
– Simple-Solution
Jul 13 '18 at 18:00
add a comment |
I have this certificates / files in order to enable SSL for my application:
I found out that this properties are needed for Spring Boot to enable HTTPS:
server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.p12
server.ssl.key-store-password=****
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat
but this does not work. My question now would be what do I have to do in order to get it work? https://abc.lehr.co.at should be the URL.
[EDIT]
I have created my own keystore - with this I get the following exception:
java.io.IOException: Alias name tomcat does not identify a key entry
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:596)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:534)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:363)
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:739)
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:472)
at org.apache.coyote.http11.Http11NioProtocol.start(Http11NioProtocol.java:81)
at org.apache.catalina.connector.Connector.startInternal(Connector.java:986)
My keystore looks like this:
Actually I don't know what to import into keystore for embedded tomcat (Spring Boot).
ssl spring-boot https
asked Mar 28 '18 at 12:11
qumaquma
71783480
I have this certificates / files in order to enable SSL for my application:
I found out that this properties are needed for Spring Boot to enable HTTPS:
server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.p12
server.ssl.key-store-password=****
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat
but this does not work. My question now would be what do I have to do in order to get it work? https://abc.lehr.co.at should be the URL.
[EDIT]
I have created my own keystore - with this I get the following exception:
java.io.IOException: Alias name tomcat does not identify a key entry
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:596)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:534)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:363)
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:739)
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:472)
at org.apache.coyote.http11.Http11NioProtocol.start(Http11NioProtocol.java:81)
at org.apache.catalina.connector.Connector.startInternal(Connector.java:986)
My keystore looks like this:
Actually I don't know what to import into keystore for embedded tomcat (Spring Boot).
ssl spring-boot https
ssl spring-boot https
asked Mar 28 '18 at 12:11
qumaquma
71783480
asked Mar 28 '18 at 12:11
qumaquma
71783480
edited Mar 29 '18 at 12:22
quma
asked Mar 28 '18 at 12:11
qumaquma
71783480
asked Mar 28 '18 at 12:11
qumaquma
71783480
asked Mar 28 '18 at 12:11
qumaquma
71783480
71783480
server.ssl.enabled=truewould be a good start.
– Marc Tarin
Mar 28 '18 at 12:26
1
There are tons of example available online. Give it a try first, and if you are stuck, give us the detail of what you tried and what failed.
– Marc Tarin
Mar 28 '18 at 12:55
1
stackoverflow.com/questions/29522114/…
– Bhushan Uniyal
Apr 3 '18 at 13:22
1
Does anyone know how to achieve above pro grammatically in spring boot. We've to read keystore file path and password at run time from a remote location and fill in this assuming SSL object and would like spring to inject that as part of it's initialization. Anyidea?
– Simple-Solution
Jul 13 '18 at 18:00
add a comment |
server.ssl.enabled=truewould be a good start.
– Marc Tarin
Mar 28 '18 at 12:26
1
There are tons of example available online. Give it a try first, and if you are stuck, give us the detail of what you tried and what failed.
– Marc Tarin
Mar 28 '18 at 12:55
1
stackoverflow.com/questions/29522114/…
– Bhushan Uniyal
Apr 3 '18 at 13:22
1
Does anyone know how to achieve above pro grammatically in spring boot. We've to read keystore file path and password at run time from a remote location and fill in this assuming SSL object and would like spring to inject that as part of it's initialization. Anyidea?
– Simple-Solution
Jul 13 '18 at 18:00
server.ssl.enabled=true would be a good start.– Marc Tarin
Mar 28 '18 at 12:26
server.ssl.enabled=true would be a good start.– Marc Tarin
Mar 28 '18 at 12:26
1
1
There are tons of example available online. Give it a try first, and if you are stuck, give us the detail of what you tried and what failed.
– Marc Tarin
Mar 28 '18 at 12:55
There are tons of example available online. Give it a try first, and if you are stuck, give us the detail of what you tried and what failed.
– Marc Tarin
Mar 28 '18 at 12:55
1
1
stackoverflow.com/questions/29522114/…
– Bhushan Uniyal
Apr 3 '18 at 13:22
stackoverflow.com/questions/29522114/…
– Bhushan Uniyal
Apr 3 '18 at 13:22
1
1
Does anyone know how to achieve above pro grammatically in spring boot. We've to read keystore file path and password at run time from a remote location and fill in this assuming SSL object and would like spring to inject that as part of it's initialization. Anyidea?
– Simple-Solution
Jul 13 '18 at 18:00
Does anyone know how to achieve above pro grammatically in spring boot. We've to read keystore file path and password at run time from a remote location and fill in this assuming SSL object and would like spring to inject that as part of it's initialization. Anyidea?
– Simple-Solution
Jul 13 '18 at 18:00
add a comment |
4 Answers
4
active
oldest
votes
To enable SSL, you must provide a private key, and not a trusted certificate.
In your keystore, 'tomcat' should be listed as an alias for a privatekeyentry and not a trustedcertentry.
answered Mar 31 '18 at 21:32
Camille VienotCamille Vienot
41024
add a comment |
You have to pack your private keys to PFX file or P12 with specifiyng aliases. So, it will be picked up accordingly from the keyStore after loading materials.
Use this tool to figure out what alias are:
keytool -list -storetype pkcs12 -keystore my_debug_keystore.p12 -storepass debug
answered Apr 4 '18 at 22:45
AlexGeraAlexGera
451513
add a comment |
I'd suggest you create your KeyStore in JKS format:
keytool -genkey -keyalg RSA -alias my_alias -keystore keystore.jks -storepass password -validity 360 -keysize 2048
then add the configuration:
server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.jks
server.ssl.key-store-password=****
server.ssl.keyStoreType=JKS
server.ssl.keyAlias=my_alias
answered Apr 7 '18 at 18:35
renarena
4761618
add a comment |
server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.p12
server.ssl.key-store-password=****
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat << This should be the alias of yourfile.12 if you have forgotten just create a new one and replace it>>
And dnt forget to add
security.require-ssl=true <<Tell Spring Security (if used) to require requests over HTTPS>>
answered Nov 14 '18 at 11:47
joe cutterjoe cutter
1
security.require-ssl=true is depricated in Spring Boot 2
– jarosik
Dec 1 '18 at 21:36
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f49534219%2fspring-boot-enable-and-configure-ssl-certificate%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
To enable SSL, you must provide a private key, and not a trusted certificate.
In your keystore, 'tomcat' should be listed as an alias for a privatekeyentry and not a trustedcertentry.
answered Mar 31 '18 at 21:32
Camille VienotCamille Vienot
41024
add a comment |
To enable SSL, you must provide a private key, and not a trusted certificate.
In your keystore, 'tomcat' should be listed as an alias for a privatekeyentry and not a trustedcertentry.
answered Mar 31 '18 at 21:32
Camille VienotCamille Vienot
41024
add a comment |
To enable SSL, you must provide a private key, and not a trusted certificate.
In your keystore, 'tomcat' should be listed as an alias for a privatekeyentry and not a trustedcertentry.
answered Mar 31 '18 at 21:32
Camille VienotCamille Vienot
41024
To enable SSL, you must provide a private key, and not a trusted certificate.
In your keystore, 'tomcat' should be listed as an alias for a privatekeyentry and not a trustedcertentry.
answered Mar 31 '18 at 21:32
Camille VienotCamille Vienot
41024
edited Mar 31 '18 at 23:00
answered Mar 31 '18 at 21:32
Camille VienotCamille Vienot
41024
answered Mar 31 '18 at 21:32
Camille VienotCamille Vienot
41024
answered Mar 31 '18 at 21:32
Camille VienotCamille Vienot
41024
41024
add a comment |
add a comment |
You have to pack your private keys to PFX file or P12 with specifiyng aliases. So, it will be picked up accordingly from the keyStore after loading materials.
Use this tool to figure out what alias are:
keytool -list -storetype pkcs12 -keystore my_debug_keystore.p12 -storepass debug
answered Apr 4 '18 at 22:45
AlexGeraAlexGera
451513
add a comment |
You have to pack your private keys to PFX file or P12 with specifiyng aliases. So, it will be picked up accordingly from the keyStore after loading materials.
Use this tool to figure out what alias are:
keytool -list -storetype pkcs12 -keystore my_debug_keystore.p12 -storepass debug
answered Apr 4 '18 at 22:45
AlexGeraAlexGera
451513
add a comment |
You have to pack your private keys to PFX file or P12 with specifiyng aliases. So, it will be picked up accordingly from the keyStore after loading materials.
Use this tool to figure out what alias are:
keytool -list -storetype pkcs12 -keystore my_debug_keystore.p12 -storepass debug
answered Apr 4 '18 at 22:45
AlexGeraAlexGera
451513
You have to pack your private keys to PFX file or P12 with specifiyng aliases. So, it will be picked up accordingly from the keyStore after loading materials.
Use this tool to figure out what alias are:
keytool -list -storetype pkcs12 -keystore my_debug_keystore.p12 -storepass debug
answered Apr 4 '18 at 22:45
AlexGeraAlexGera
451513
answered Apr 4 '18 at 22:45
AlexGeraAlexGera
451513
answered Apr 4 '18 at 22:45
AlexGeraAlexGera
451513
answered Apr 4 '18 at 22:45
AlexGeraAlexGera
451513
451513
add a comment |
add a comment |
I'd suggest you create your KeyStore in JKS format:
keytool -genkey -keyalg RSA -alias my_alias -keystore keystore.jks -storepass password -validity 360 -keysize 2048
then add the configuration:
server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.jks
server.ssl.key-store-password=****
server.ssl.keyStoreType=JKS
server.ssl.keyAlias=my_alias
answered Apr 7 '18 at 18:35
renarena
4761618
add a comment |
I'd suggest you create your KeyStore in JKS format:
keytool -genkey -keyalg RSA -alias my_alias -keystore keystore.jks -storepass password -validity 360 -keysize 2048
then add the configuration:
server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.jks
server.ssl.key-store-password=****
server.ssl.keyStoreType=JKS
server.ssl.keyAlias=my_alias
answered Apr 7 '18 at 18:35
renarena
4761618
add a comment |
I'd suggest you create your KeyStore in JKS format:
keytool -genkey -keyalg RSA -alias my_alias -keystore keystore.jks -storepass password -validity 360 -keysize 2048
then add the configuration:
server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.jks
server.ssl.key-store-password=****
server.ssl.keyStoreType=JKS
server.ssl.keyAlias=my_alias
answered Apr 7 '18 at 18:35
renarena
4761618
I'd suggest you create your KeyStore in JKS format:
keytool -genkey -keyalg RSA -alias my_alias -keystore keystore.jks -storepass password -validity 360 -keysize 2048
then add the configuration:
server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.jks
server.ssl.key-store-password=****
server.ssl.keyStoreType=JKS
server.ssl.keyAlias=my_alias
answered Apr 7 '18 at 18:35
renarena
4761618
answered Apr 7 '18 at 18:35
renarena
4761618
answered Apr 7 '18 at 18:35
renarena
4761618
answered Apr 7 '18 at 18:35
renarena
4761618
4761618
add a comment |
add a comment |
server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.p12
server.ssl.key-store-password=****
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat << This should be the alias of yourfile.12 if you have forgotten just create a new one and replace it>>
And dnt forget to add
security.require-ssl=true <<Tell Spring Security (if used) to require requests over HTTPS>>
answered Nov 14 '18 at 11:47
joe cutterjoe cutter
1
security.require-ssl=true is depricated in Spring Boot 2
– jarosik
Dec 1 '18 at 21:36
add a comment |
server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.p12
server.ssl.key-store-password=****
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat << This should be the alias of yourfile.12 if you have forgotten just create a new one and replace it>>
And dnt forget to add
security.require-ssl=true <<Tell Spring Security (if used) to require requests over HTTPS>>
answered Nov 14 '18 at 11:47
joe cutterjoe cutter
1
security.require-ssl=true is depricated in Spring Boot 2
– jarosik
Dec 1 '18 at 21:36
add a comment |
server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.p12
server.ssl.key-store-password=****
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat << This should be the alias of yourfile.12 if you have forgotten just create a new one and replace it>>
And dnt forget to add
security.require-ssl=true <<Tell Spring Security (if used) to require requests over HTTPS>>
answered Nov 14 '18 at 11:47
joe cutterjoe cutter
1
server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.p12
server.ssl.key-store-password=****
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat << This should be the alias of yourfile.12 if you have forgotten just create a new one and replace it>>
And dnt forget to add
security.require-ssl=true <<Tell Spring Security (if used) to require requests over HTTPS>>
answered Nov 14 '18 at 11:47
joe cutterjoe cutter
1
answered Nov 14 '18 at 11:47
joe cutterjoe cutter
1
answered Nov 14 '18 at 11:47
joe cutterjoe cutter
1
answered Nov 14 '18 at 11:47
joe cutterjoe cutter
1
1
security.require-ssl=true is depricated in Spring Boot 2
– jarosik
Dec 1 '18 at 21:36
add a comment |
security.require-ssl=true is depricated in Spring Boot 2
– jarosik
Dec 1 '18 at 21:36
security.require-ssl=true is depricated in Spring Boot 2
– jarosik
Dec 1 '18 at 21:36
security.require-ssl=true is depricated in Spring Boot 2
– jarosik
Dec 1 '18 at 21:36
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f49534219%2fspring-boot-enable-and-configure-ssl-certificate%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
server.ssl.enabled=truewould be a good start.– Marc Tarin
Mar 28 '18 at 12:26
1
There are tons of example available online. Give it a try first, and if you are stuck, give us the detail of what you tried and what failed.
– Marc Tarin
Mar 28 '18 at 12:55
1
stackoverflow.com/questions/29522114/…
– Bhushan Uniyal
Apr 3 '18 at 13:22
1
Does anyone know how to achieve above pro grammatically in spring boot. We've to read keystore file path and password at run time from a remote location and fill in this assuming SSL object and would like spring to inject that as part of it's initialization. Anyidea?
– Simple-Solution
Jul 13 '18 at 18:00