quma

Reputation: 5743

Spring Boot - enable and configure SSL certificate

I have these certificates / files in order to enable SSL for my application:

[image: certificates]

I found out that these properties are needed for Spring Boot to enable HTTPS:

server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.p12
server.ssl.key-store-password=****
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat

but this does not work. My question now would be: what do I have to do in order to get it to work? https://abc.lehr.co.at should be the URL.

[EDIT]

I have created my own keystore - with this I get the following exception:

java.io.IOException: Alias name tomcat does not identify a key entry
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:596)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:534)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:363)
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:739)
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:472)
at org.apache.coyote.http11.Http11NioProtocol.start(Http11NioProtocol.java:81)
at org.apache.catalina.connector.Connector.startInternal(Connector.java:986)

My keystore looks like this:

[image: Keystore]

Actually, I don't know what to import into the keystore for embedded Tomcat (Spring Boot).

Upvotes: 17

Views: 75086

Answers (6)

balatamilmani

Reputation: 141

If you end up here for the error "java.lang.IllegalStateException: SSL is enabled but no trust material is configured" in a Spring Boot version 3.x application while setting up SSL, it's possible you are missing the property

server.ssl.bundle=server

The value "server" here is the name of the bundle, as given below:

spring.ssl.bundle.jks.server.key.alias=serverCert
spring.ssl.bundle.jks.server.keystore.location=classpath:certificates/server.key
spring.ssl.bundle.jks.server.keystore.password=changeit
spring.ssl.bundle.jks.server.keystore.type=PKCS12

Upvotes: 1

Luiz Xavier

Reputation: 9

First you may convert your .pem file to DER and then generate a keystore. See https://stackoverflow.com/a/13992135/16358980 for how to do this.

In your application.properties, change the key-store property to your generated keystore file:

server.ssl.key-store=<your-generated-keystore>

Upvotes: 0

joe cutter

Reputation: 343

server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.p12
server.ssl.key-store-password=****
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat << This should be the alias in yourfile.p12; if you have forgotten it, just create a new one and replace it >>

And don't forget to add

security.require-ssl=true << Tell Spring Security (if used) to require requests over HTTPS >>

Upvotes: 3

rena

Reputation: 1278

I'd suggest you create your KeyStore in JKS format:

keytool -genkey -keyalg RSA -alias my_alias -keystore keystore.jks -storepass password -validity 360 -keysize 2048

then add the configuration:

server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.jks
server.ssl.key-store-password=****
server.ssl.keyStoreType=JKS
server.ssl.keyAlias=my_alias

Upvotes: 0

AlexGera

Reputation: 793

You have to pack your private keys into a PFX or P12 file, specifying aliases. Then they will be picked up accordingly from the keystore after the materials are loaded.

Use this tool to figure out what the aliases are:

keytool -list -storetype pkcs12 -keystore my_debug_keystore.p12 -storepass debug

Upvotes: 3

Camille Vienot

Reputation: 807

To enable SSL, you must provide a private key, and not a trusted certificate.

In your keystore, 'tomcat' should be listed as an alias for a PrivateKeyEntry and not a trustedCertEntry.

Upvotes: 21
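The two answers above (AlexGera's `keytool -list` and this one) together explain the exception in the question: embedded Tomcat only accepts an alias that is a PrivateKeyEntry. The following script is an added example, not code from the question or from any of the answers: it parses `keytool -list` output and reports whether the alias given in `server.ssl.keyAlias` is a key entry, a trusted certificate, or missing. The keystore listing embedded in it is constructed for the example (aliases, dates and fingerprints are made up), and `list_keystore` is only a thin wrapper that assumes a JDK `keytool` on the PATH.

```shell
#!/bin/sh
# Added example (not from the question or any answer above): check that the
# alias configured in server.ssl.keyAlias really is a PrivateKeyEntry before
# starting Spring Boot, instead of discovering it from Tomcat's
# "Alias name <alias> does not identify a key entry" at bind time.

# Constructed sample of `keytool -list` output (made up for this example):
# a trusted certificate imported under the alias "tomcat", which is the
# mistake in the question, next to a real private-key entry under "server".
SAMPLE_LISTING='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

tomcat, Jan 5, 2018, trustedCertEntry,
Certificate fingerprint (SHA-256): AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99
server, Jan 5, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC:BB:AA'

# list_keystore FILE PASSWORD [TYPE]: run the real tool; its output is what the
# parsers below consume. Assumes keytool from a JDK is on the PATH.
list_keystore() {
  keytool -list -storetype "${3:-PKCS12}" -keystore "$1" -storepass "$2"
}

# parse_entries LISTING: print one "alias<TAB>entryType" line per keystore
# entry. Entry lines look like "alias, date, EntryType," so split on ", " and
# pick the field that names a keytool entry type.
parse_entries() {
  printf '%s\n' "$1" | awk -F', ' '
    NF >= 3 {
      for (i = 2; i <= NF; i++) {
        f = $i
        sub(/,? *$/, "", f)
        if (f ~ /^(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry)$/) {
          print $1 "\t" f
          break
        }
      }
    }'
}

# entry_type LISTING ALIAS: print the entry type of ALIAS, or nothing if absent.
entry_type() {
  parse_entries "$1" | awk -F'\t' -v a="$2" '$1 == a { print $2 }'
}

# key_aliases LISTING: print every alias that Tomcat could actually serve from.
key_aliases() {
  parse_entries "$1" | awk -F'\t' '$2 == "PrivateKeyEntry" { print $1 }'
}

# check_key_alias LISTING ALIAS: exit 0 only if ALIAS is usable as
# server.ssl.keyAlias; otherwise explain what Tomcat would complain about.
check_key_alias() {
  t=$(entry_type "$1" "$2")
  case "$t" in
    PrivateKeyEntry)
      printf 'alias "%s" is a PrivateKeyEntry: usable for server.ssl.keyAlias\n' "$2"
      return 0 ;;
    "")
      printf 'alias "%s" not found in keystore\n' "$2"
      return 1 ;;
    *)
      printf 'alias "%s" is a %s, not a key entry: Tomcat would fail with "Alias name %s does not identify a key entry"\n' "$2" "$t" "$2"
      return 1 ;;
  esac
}

# Demo on the constructed listing: the alias from the question is rejected and
# the aliases that would work are listed.
check_key_alias "$SAMPLE_LISTING" tomcat \
  || printf 'point server.ssl.keyAlias at one of: %s\n' "$(key_aliases "$SAMPLE_LISTING")"
```

Against a real keystore, feed the tool's output through the same functions, e.g. `check_key_alias "$(list_keystore keystore.p12 "$STOREPASS")" tomcat`. A `trustedCertEntry` result means only a certificate was imported (`keytool -importcert`); the fix is to build the PKCS12 from the private key together with its certificate chain so that the alias becomes a PrivateKeyEntry, as the answer above says.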
