wthamira

Reputation: 2250

KeyStore config in yml

I am trying to call a two-way SSL secured system using a key and cert with RestTemplate. I used a key store to configure the cert and key. Here are the steps to generate the key store.

  1. openssl pkcs12 -export -in cert.pem -inkey "privateKey.pem" -certfile cert.pem -out myProject_keyAndCertBundle.p12
  2. keytool -importkeystore -srckeystore myProject_keyAndCertBundle.p12 -srcstoretype PKCS12 -destkeystore keystore.jks

Then I configured it on my Main class like below.

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class DemoApplication {

    public static void main(String[] args) {
        // Set the JVM-wide client key store before the application starts, so the
        // default SSLContext picks it up before any outbound HTTPS call is made.
        System.setProperty("javax.net.ssl.keyStore", "keystore.jks");
        System.setProperty("javax.net.ssl.keyStorePassword", "password");
        System.setProperty("javax.net.ssl.keyStoreType", "JKS");

        SpringApplication.run(DemoApplication.class, args);
    }

}

It works successfully.

My question is, are there any methods to set this key store in application.yml?

I tried it like below. But in that case, I also need a certificate to connect to my Spring Boot app.

server:
  port: 8443
  ssl:
    key-store: classpath:keystore.jks
    key-store-password: password
security:
  headers:
    hsts: NONE

Upvotes: 1

Views: 2470

Answers (1)

always_a_rookie

Reputation: 4830

What you are doing in the application.yml is securing your Spring Boot application. You are securing your Spring Boot application with a private key that was given to you, which is wrong.

What you need is the ability to load the keystore that was given to you dynamically before you make the external service call, like this:

import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.*;

// Client key store: your private key + cert chain (the keystore.jks built above)
char[] clientKeyStorePwd = "password".toCharArray();
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
try (FileInputStream in = new FileInputStream("keystore.jks")) { clientKeyStore.load(in, clientKeyStorePwd); }

// Server trust store: the CA chain for the remote server ("truststore.jks" is an assumed file name)
KeyStore serverTrustStore = KeyStore.getInstance("JKS");
try (FileInputStream in = new FileInputStream("truststore.jks")) { serverTrustStore.load(in, "changeit".toCharArray()); }

// Key Store -> key managers that present the client cert during the TLS handshake
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(clientKeyStore, clientKeyStorePwd);

// Trust Store -> trust managers that verify the server's cert chain
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(serverTrustStore);

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

// Make every HttpsURLConnection (and thus RestTemplate's default client) use this context
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());

The KeyStore part is the keystore that was given to you, which contains the private key and cert chain. And the TrustStore just contains the CA chain that signed the private key.

Upvotes: 3
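If the goal is to keep the key store paths in application.yml without turning on server.ssl (which is what made the question's own app demand a client certificate), one approach is to bind them to your own properties and build a RestTemplate around the SSLContext from the answer above. The following is an added example, not part of the question or the answer; it assumes Spring Boot 3 on Java 17, a property prefix client.ssl that is invented here, and a truststore.jks file that the page does not mention.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

/*
 * Assumed application.yml section. The "client.ssl" prefix is invented for this example;
 * it is deliberately NOT server.ssl.*, so the embedded server keeps serving plain HTTP
 * and callers of your own app need no client certificate.
 *
 * client:
 *   ssl:
 *     key-store: classpath:keystore.jks        # your private key + certificate chain
 *     key-store-password: password
 *     trust-store: classpath:truststore.jks    # CA chain for the remote server (assumed file)
 *     trust-store-password: changeit
 */
@Configuration
@EnableConfigurationProperties(MutualTlsClientConfig.ClientSslProperties.class)
public class MutualTlsClientConfig {

    // Bound from application.yml; Spring converts the String paths into Resources,
    // so classpath:, file: and plain filesystem paths all work.
    @ConfigurationProperties(prefix = "client.ssl")
    public record ClientSslProperties(Resource keyStore, String keyStorePassword,
                                      Resource trustStore, String trustStorePassword) {}

    private static char[] chars(String password) {
        return password == null ? null : password.toCharArray();
    }

    private static KeyStore load(Resource location, String password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = location.getInputStream()) {
            ks.load(in, chars(password));
        }
        return ks;
    }

    // Same construction as the answer above, but fed from bound properties instead of
    // hard-coded values, and scoped to a bean rather than a JVM-wide default
    // (no javax.net.ssl.* system properties, no HttpsURLConnection.setDefaultSSLSocketFactory).
    @Bean
    SSLContext mutualTlsContext(ClientSslProperties props)
            throws GeneralSecurityException, IOException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(props.keyStore(), props.keyStorePassword()), chars(props.keyStorePassword()));

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(props.trustStore(), props.trustStorePassword()));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // RestTemplate whose HTTPS connections present the client certificate and verify
    // the remote server only against the bound trust store.
    @Bean
    RestTemplate mutualTlsRestTemplate(RestTemplateBuilder builder, SSLContext mutualTlsContext) {
        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory() {
            @Override
            protected void prepareConnection(HttpURLConnection connection, String httpMethod)
                    throws IOException {
                if (connection instanceof HttpsURLConnection https) {
                    https.setSSLSocketFactory(mutualTlsContext.getSocketFactory());
                }
                super.prepareConnection(connection, httpMethod);
            }
        };
        return builder.requestFactory(() -> factory).build();
    }
}
```

Inject the mutualTlsRestTemplate bean wherever the outbound call is made; other RestTemplates and the embedded server are unaffected, which is the point of not using server.ssl.* or the javax.net.ssl.* system properties. Keeping the trust store limited to the CA that issued the remote server's certificate (rather than the JDK's default cacerts) is what makes this a proper two-way check rather than just client authentication. On Spring Boot 3.1 or later, SSL bundles (spring.ssl.bundle.jks.* together with RestTemplateBuilder.setSslBundle) provide this same binding without custom properties.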
