Apr 26, 2018

Spring Boot: Running an Application on HTTPS with a Java Keystore

Consider the source code available in my Git repository, https://github.com/mitanjos/sping4hibernate5.git. If I run this application with the default profile, it runs on HTTP port 8000 and can be accessed at the URL http://localhost:8000/api/v1/category

Now we want to expose this endpoint as an HTTPS service, so that a client needs the appropriate keystore in order to trust the responses sent by our service.

First, we generate a keystore using the Java keytool utility as follows.

Run the command

keytool -genkeypair -alias selfsignedcert -keypass password -keystore myapi.keystore -storepass password -validity 180

and provide the required details when prompted.

For the sake of simplicity, I have added the generated file to resources.

Now we want to add this file to our server configuration. To do that, set the following properties in the Spring Boot startup configuration.

server.ssl.key-store = classpath:myapi.keystore
server.ssl.key-store-password = password
server.ssl.key-password = password

We put these properties in a separate file, so that we can choose dynamically between a normal run and running the application under HTTPS with the keystore we have just created. Refer to application-secure.properties in the repository.

Now we run the same application with the parameter -Dspring.profiles.active=secure so that the system picks up application-secure.properties and starts listening on port 8443 over HTTPS.

Now if you try to curl it normally, it will return an error because the SSL handshake fails: curl does not trust the self-signed certificate.

In the next blog post, we will configure this keystore with a Feign client to access this REST endpoint.