SSL settings spring boot

Question

I have some questions about ssl in spring boot. I have files certifications and private key with extension .crt and .key. how can I get from them right format for settings in spring boot like this

    server.ssl.key-store-type=PKCS12
    server.ssl.key-store=classpath:keystore.p12
    server.ssl.key-store-password=password 
    server.ssl.key-alias=tomcat

Answer 1

you can set certifications and private key with extension .crt and .key. as is in SpringBoot 3.1+

server.port=443
server.ssl.enabled=true
server.ssl.certificate=file:/certs/tls.crt
server.ssl.certificate-private-key=file:/certs/tls.key

Answer 2

An alternative: if you don't have (or don't like?) OpenSSL, https://keystore-explorer.org/ (unlike keytool) can read privatekey+certs into any type of Java keystore (PKCS12, JCEKS, JKS, and more, but PKCS12 is usually best) with the "Import Key Pair" icon or menu item.

Answer 3

To convert a certificate file and private key to PKCS#12(.p12) format, use the below command:

openssl pkcs12 -export -out certificate.p12 -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Please go through the below links for your reference on dealing with https in spring boot.

1. Enable HTTPS in Spring Boot
2. Configure HTTP to HTTPS Redirection in Spring Boot

Answer 4

I found solution. I got keystore use this comand:

    openssl pkcs12 -export -in <mycert.crt> -inkey <mykey.key> -out keystore.p12 -name <alias>

And added keystore into application.properies

    #ssl
    server.port=8443
    server.ssl.enabled=true
    server.ssl.key-store-type=PKCS12
    **server.ssl.key-store=keystore/keystore.p12**
    server.ssl.key-store-password=password
    server.ssl.key-alias=alias

It is correct config. When I use classpath:keystore.p12 it did not work. Maybe it cause that I work with spring boot 2. Then I created external folder and put inside keystore. Now it is working.