How to Enable HTTPS – (SSL/TLS) in a Java Spring Boot Application

In this article we will see how to enable SSL/TLS for your Spring Boot application.

HTTPS vs SSL vs TLS

HTTPS is the secure version of HTTP (Hyper Text Transfer Protocol). SSL (Secure Sockets Layer) is the encryption protocol used when communication happens over a network, and this is what makes HTTPS secure. TLS (Transport Layer Security) is the successor of SSL; in fact SSL itself has been deprecated. But the old term has stuck with everyone, and hence SSL and TLS are used interchangeably.

WHY HTTPS ?

HTTPS is required for privacy, integrity and identification.

Privacy: The data transferred over the network is encrypted by TLS, so that even if the traffic is intercepted it is extremely difficult to decrypt.

Integrity: The data sent reaches the intended receiver without being tampered with.

Identification: The sender is who they say they are, and the receiver is who they say they are.

STEPS TO ENABLE HTTPS IN A JAVA SPRING BOOT APP

  • Get SSL Certificate
  • Configure SpringBoot Application to use the certificate

STEP 1: GET SSL CERTIFICATE

There are two ways to get an SSL certificate:

  1. Create a self-signed SSL certificate. (Useful for DEV and TEST environments)
  2. Use a certificate issued by a Certificate Authority. (For Production)

Keytool is a certificate management utility shipped with the JDK. We will use it to create our self-signed certificate. Keytool generates a keystore file that holds the private key together with its self-signed certificate (which carries the matching public key).

keytool -genkeypair -alias springboot -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore app.p12 -validity 3650

The above command creates a cryptographic key pair and stores it in a keystore file (app.p12) in the PKCS12 format. Note that once you hit Enter you will be prompted to choose a keystore password and to enter other details such as the organization name. A single keystore file can hold more than one such key pair, each under its own alias.

PKCS12 (Public-Key Cryptography Standards #12) is the industry standard format for storing private keys with their certificates; it is language neutral and is supported by Spring Boot apps as well. The other format which Spring Boot supports is JKS (Java KeyStore), which is used primarily by Java applications.

The command below can be used to generate a JKS keystore instead.

keytool -genkeypair -alias springboot -keyalg RSA -keysize 2048 -keystore app.jks -validity 3650

For production applications we might not want a self-signed certificate. We would need to get a certificate issued by a CA and then place it into either a JKS or a PKCS12 keystore file. Below is the command to import the certificate cert.crt into the keystore file app.p12; the alias must match the key pair generated in Step 1 so that the certificate is stored alongside its private key.

keytool -import -alias springboot -file cert.crt -keystore app.p12

STEP 2: CONFIGURE THE SPRING BOOT APPLICATION

Now that we have our keystore file, place it in the resources folder of the application and add the properties below to the application.properties file.

server.port=8443

server.ssl.key-store-type=PKCS12
server.ssl.key-store=classpath:app.p12
server.ssl.key-store-password=963852
server.ssl.key-alias=springboot

These properties correspond to the values we used when creating the keystore file in Step 1 (store type, file name, password and alias). Now all we need to do is ensure that Spring Boot accepts only SSL/TLS requests after loading the keystore. Add the class below to enable secure requests.

Accept only HTTPS requests

Now all plain HTTP requests will return a Bad Request error. The self-signed certificate can be distributed to the clients so that their browsers trust our URL.

CONCLUSION

In this article we saw how to create our own self-signed certificate and enable HTTPS in Spring Boot. Optionally, if the project demands it, we could tweak the embedded server configuration so that any request to HTTP is automatically redirected to HTTPS.
