How to enable HTTPS using SSL/TLS in a Spring Boot application
In this tutorial we are going to learn how to enable HTTPS (TLS, still commonly called SSL) in a Spring Boot application.
Firstly, generate a Spring Boot project using Spring Initializr: set Group to com.behindjava and Artifact to https-example, add the Web dependency as shown in the image, and click Generate (or Ctrl+Enter).
The project is downloaded as a ZIP file; unzip it and import it into Spring Tool Suite.
Now create a basic REST controller with one endpoint that returns a greeting.
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/hello")
public class HelloRestController {

    // GET /hello returns a plain-text greeting
    @GetMapping
    public String welcomeUser() {
        return "Greetings from Behind Java";
    }
}
We now make this endpoint reachable only over HTTPS. First change the port to 8443 (the conventional alternative to 443 for processes that cannot bind privileged ports), then tell Spring Boot where its keystore is in application.properties:
server.port=8443
server.ssl.key-store=classpath:keystore.jks
server.ssl.key-store-type=JKS
server.ssl.key-store-password=changeit
server.ssl.key-alias=selfsigned
server.ssl.key-password=changeit
server.ssl.key-store-password is the password of the keystore file and server.ssl.key-password that of the private key inside it; they are separate properties even when, as here, both are changeit. Leaving key-store-password unset happens to work with this particular password only because the embedded Tomcat falls back to changeit as its default keystore password, so set it explicitly. Once server.ssl.* is configured the embedded server serves HTTPS only on 8443; plain http://localhost:8443 no longer answers.
SSL and TLS: which one does this use?
HTTPS is HTTP carried over an encrypted, authenticated transport. That transport was originally SSL (Secure Sockets Layer); its successor is TLS (Transport Layer Security), and today "SSL" is simply the older name for the same family of protocols. There is no choice to make between the two: SSL 2.0 and 3.0 are prohibited by RFC 6176 and RFC 7568, and the JDK and Tomcat negotiate TLS 1.2 or 1.3 even though the Spring Boot properties are still named server.ssl.*.
SSL stands for Secure Sockets Layer
It was the original protocol behind HTTPS on port 443. It encrypted the data exchanged between browser and server and authenticated the server through its certificate (the client is only authenticated when client certificates are configured). Browsers do not "switch" to it automatically; they use the secure transport because the URL scheme is https (port 443 by default, 8443 in this tutorial).
TLS stands for Transport Layer Security
TLS is the current version of that protocol. It encrypts and integrity-protects data sent over the Internet so that eavesdroppers cannot read or tamper with what you transmit, which matters most for passwords, credit card numbers and personal correspondence. Public sites obtain their TLS certificates from a certificate authority the browser already trusts; the self-signed certificate generated below is trusted by nobody but you, which is why browsers warn about it.
What is a TrustStore and KeyStore?
Both are the same file format (JKS or PKCS12); the difference is what you put in them and which side reads them.
KeyStore: holds your own private key together with its certificate chain. The server uses it to prove its identity during the handshake, so it must be kept secret. The keystore.jks generated below is this server's keystore.
Example: the private key and certificate of this Spring Boot service.
TrustStore: holds only the public certificates of parties you are willing to trust (CA roots, or a specific peer certificate). A client consults it to decide whether the certificate a server presents is acceptable. The JDK ships a default truststore, cacerts, which is why a self-signed certificate is rejected until it is added to a truststore the client actually uses.
Example: the CA certificate chain behind google.com, or your load balancer's certificate.
Create a Self-Signed Certificate
Open a command prompt (Windows+R, cmd) or a terminal and run the command below; keytool ships with the JDK, and -genkey is the older spelling of -genkeypair and still works. Answer the distinguished-name prompts as in the transcript that follows.
When asked for a key password, press RETURN (or reuse changeit) so that the key password equals the store password, which is what the application.properties above expects.
Two things the prompts do not tell you: since JDK 9 keytool writes PKCS12 by default regardless of the .jks extension (add -storetype JKS if you want a real JKS file; on a modern JDK Spring Boot loads either with server.ssl.key-store-type=JKS), and a certificate whose only name is the CN is rejected by Chrome and by Java clients, which require a subjectAltName. Add -ext SAN=dns:localhost,ip:127.0.0.1 to the command if any client is meant to verify the certificate rather than click past a warning.
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass changeit -validity 360 -keysize 2048
C:\Users\cldee>keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass changeit -validity 360 -keysize 2048
What is your first and last name?
[Unknown]: CL Deepak
What is the name of your organizational unit?
[Unknown]: IT
What is the name of your organization?
[Unknown]: Behind Java
What is the name of your City or Locality?
[Unknown]: Nellore
What is the name of your State or Province?
[Unknown]: AP
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=CL Deepak, OU=IT, O=Behind Java, L=Nellore, ST=AP, C=IN correct?
[no]: yes
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 360 days
for: CN=CL Deepak, OU=IT, O=Behind Java, L=Nellore, ST=AP, C=IN
keytool writes keystore.jks into the current working directory: C:\Users\cldee in the transcript above, and on macOS your home directory (/Users/apple in the author's case). Move the file to src/main/resources in the Spring Boot project so that classpath:keystore.jks resolves.
Once the keystore is in place, clean and build the project. The self-signed certificate is for local development only: in a real deployment use the keystore and certificate issued to your organization by a CA your clients trust, and keep that keystore and its password out of source control (externalize them through environment variables or a secrets store) rather than bundling them on the classpath.
Run the application and open https://localhost:8443/hello in Google Chrome. Because the certificate is self-signed, Chrome first shows a privacy warning (NET::ERR_CERT_AUTHORITY_INVALID); choose Advanced and proceed to localhost to see the greeting. From the command line, curl -k https://localhost:8443/hello does the same by skipping certificate verification.
Clicking the "Not secure" label in the address bar shows the certificate, and under the Details tab you can see the subject, issuer, validity period and public key that correspond to the values entered in keytool.
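To make the TrustStore/KeyStore distinction and the "TLS, not SSL" point concrete, here is an added Java 11+ client for the endpoint built in this tutorial. It is example code written for this page, not code from the original tutorial or from Spring. It assumes two things the tutorial does not set up: that keystore.jks was generated with a subjectAltName for localhost (otherwise hostname verification fails), and that a truststore.jks containing only the exported self-signed certificate exists in the working directory with the password changeit (the keytool commands that would produce it are given in the header comment). The first connection uses the JDK's default truststore and is expected to fail; the second uses the pinned truststore and succeeds, printing the negotiated protocol.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;

/**
 * Added example, not part of the original tutorial: a client for https://localhost:8443/hello.
 *
 * Assumptions (none of them come from the original page):
 *  - keystore.jks was generated with "-ext SAN=dns:localhost,ip:127.0.0.1"; without a SAN,
 *    hostname verification fails before any trust decision is made.
 *  - truststore.jks in the working directory holds ONLY the self-signed certificate, produced with:
 *      keytool -exportcert -alias selfsigned -keystore keystore.jks -storepass changeit -rfc -file selfsigned.pem
 *      keytool -importcert -alias selfsigned -file selfsigned.pem -keystore truststore.jks -storepass changeit -noprompt
 *  - the truststore password is "changeit".
 */
public class HelloTlsClient {

    static final URI ENDPOINT = URI.create("https://localhost:8443/hello");

    /** Build an SSLContext whose only trust anchor is what the given truststore contains. */
    static SSLContext trustOnly(Path truststore, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType()); // loads JKS or PKCS12 on a modern JDK
        try (InputStream in = Files.newInputStream(truststore)) {
            ts.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no key managers: this client presents no certificate
        return ctx;
    }

    /** GET the endpoint with the given context, print the negotiated session, return the body. */
    static String get(SSLContext ctx) throws Exception {
        // HttpClient keeps hostname verification on; the certificate must name "localhost".
        HttpClient client = HttpClient.newBuilder().sslContext(ctx).build();
        HttpRequest request = HttpRequest.newBuilder(ENDPOINT).GET().build();
        HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
        SSLSession session = response.sslSession().orElseThrow();
        // Despite the server.ssl.* property names, the negotiated protocol is TLSv1.2 or TLSv1.3.
        System.out.println("protocol=" + session.getProtocol() + " cipher=" + session.getCipherSuite());
        return response.body();
    }

    public static void main(String[] args) throws Exception {
        // 1. Default JDK truststore (cacerts): a self-signed certificate is not trusted, so the handshake fails.
        try {
            get(SSLContext.getDefault());
            System.out.println("unexpected: default truststore accepted a self-signed certificate");
        } catch (SSLHandshakeException e) {
            System.out.println("default truststore rejected the server as expected: " + e.getMessage());
        }

        // 2. Truststore pinned to the self-signed certificate: handshake succeeds, hostname is still checked.
        SSLContext pinned = trustOnly(Path.of("truststore.jks"), "changeit".toCharArray());
        System.out.println("body=" + get(pinned));
    }
}
```

Run it with the Spring Boot application listening on 8443: the first call ends in an SSLHandshakeException (typically "PKIX path building failed"), the second prints the TLS version, the cipher suite and the greeting. Note that the client never touches keystore.jks; the private key stays on the server, and the client only needs the public certificate in its truststore.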