Springboot application (Spring 2.1.4) HTTPS Enabled

Question

I have to make my Spring boot application HTTPS enabled. For this task, I created a CSR and sent it to Security team of my employer. They provided a signed certificate ncf.cer to me. I was following steps from a website (https://www.thomasvitale.com/https-spring-boot-ssl-certificate/) and performed below steps.

1. Import ncf.cer into Java/JDK1.8/JRE/lib/security/cacerts (assuming it is JKS keystore) with alias ‘ncf’

2. In the code, placed ncf.p12 into src/main/resources

3. Made below changes in applications.properties

server.ssl.key-store-type=PKCS12
server.ssl.key-store=src/main/resources/keystore/ncf.p12  
server.ssl.key-store-password=changeit
server.ssl.key-alias=ncf

I am getting an error when I start the Springboot application:

Caused by: java.io.IOException: jsse.alias_no_key_entry

Can anyone please help me in getting the proper steps for making my application HTTPS enabled?

Answer 1

I fixed this issue finally. Below are the steps

1. import .cer into cacerts with an alias.
2. import .p12 into cacerts without providing alias. Here system will generate alias (long alphanumeric number) for you. Mention this alias number inside applicatins.properties.
3. Copy .p12 inside src/main/resoruces/keystore and then refer this path inside applications.properties.

Answer 2

This error means your keystore doesn't contain the original private key.

The signed certificate ncf.cer is supposed to be imported into the original keystore where the cert request was generated. Is it cacerts? Typically this file only contains public keys of trusted certificates instead of the public/private key pair.

Once you have the signed certificate ncf.cer imported into the correct keystore, you can export into the PKCS12 format then use in your folder as ncf.p12. If you can share how the ncf.cer file was imported and ncf.p12 was created, I can further help.