Spring Boot Application Over HTTPS

Introduction

In this example I am going to show you how to start your spring boot application on HTTPS protocol. HTTPS is a secured protocol, whereas HTTP is unsecured protocol. So the data passed over the network using HTTPS protocol are generally encrypted data.

The application which I am going to build is in the local environment and for this local environment I will use self-signed certificate. The self-signed certificate will be generated by the keytool which is already available in the JDK itself and you don’t need to use any external software.

The self-signed certificate will not be trusted by the browser even when you use HTTPS instead of HTTP protocol at first sight. So I will also show you how to let your browser trust your self-signed certificate.

Related Posts:

Prerequisites

Java 1.8+, Maven 3.8.2, Spring Boot 2.5.4

Project Setup

You can create maven based project in your favorite IDE or tool. The name of the project is spring-boot-application-https.

spring boot https

You can use the following pom.xml file which has the required dependencies.

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>

	<groupId>com.roytuts</groupId>
	<artifactId>spring-boot-application-https</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<packaging>jar</packaging>

	<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
		<maven.compiler.source>8</maven.compiler.source>
		<maven.compiler.target>8</maven.compiler.target>
	</properties>

	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.5.4</version>
	</parent>

	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>
</project>

Rest Controller

This is simple REST controller that publishes an endpoint to return a simple welcome message. I will test this endpoint both over HTTP and HTTPS protocols.

@RestController
@SpringBootApplication
public class SpringHttpsApp {

	public static void main(String[] args) {
		SpringApplication.run(SpringHttpsApp.class, args);
	}

	@GetMapping("/")
	public ResponseEntity<String> home() {
		return new ResponseEntity<String>("Welcome to self-certificate https site", HttpStatus.OK);
	}

}

Testing the Application

When you hit the URL http://localhost:8080 in the browser, you will see the following page by clicking on the info icon.

spring boot applications with https

So your site is not secure as it is running over HTTP protocol. Now I will show you how to use self-signed certificate to secure your site.

Generate Self-Signed Certificate using Java Keytool

Genrate self-signed certificate using Java keytool command:

keytool -genkeypair -alias selfsigned -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore ssl.p12 -validity 3650 -ext san=dns:localhost
spring boot applications over https

If you want to set password at the time of generating certificate then you can put storepass option:

keytool -genkeypair -alias selfsigned -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore ssl.p12 -storepass changeit –validity 3650 -ext san=dns:localhost

Arguments in the keytool:

genkeypair: generates a key pair

alias: alias of the key pair that uniquely identifies the certificate

keyalgo: algorithm used for generating key pair in the certificate

keysize: size of the key in certificate

storetype: type of the key pair stored in the certifivcate

keystore: the name of the certificate file

storepass: password used for the certificate

validity: the certificate will be valid for so many days from now

ext san=dns: includes an X.509 extension for Subject Alternate Name (SAN). Certificate will be trusted by the browser

The certificate file ssl.p12 gets generated under eclipse_workspace. You can generate the certificate at any location. You can also use genkey instead of genkeypair for generating certificate.

Now copy the ssl.p12 certificate and put it under src/main/resources class path folder.

Config File – application.properties

Now configure the SSL certificate in src/main/resources/application.properties file:

server.port=8443
server.ssl.enabled=true
server.ssl.key-alias=selfsigned
server.ssl.key-store=classpath:ssl.p12
server.ssl.key-store-type=PKCS12
server.ssl.key-store-password=changeit

The port for the application is 8443, SSL has been enabled, key alias specified, certificate path specified, certificate type specified and password for certificate has been specified.

Testing the Application

Now restart your application your server will start on port 8443 as shown in the following log:

INFO 21280 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8443 (https) with context path ''

If you try to access the URL over HTTP – http://localhost:8443, then you will see the following error message:

spring applications with https

The above page is shown in the Chrome browser and the self-signed certificate is not trusted by the browser.

You can click on Advanced and click on Proceed to localhost (unsafe):

spring applications with self-signed certificate

And you will see the following output:

spring https

But still, it is showing Not secure for the URL in the browser.

Install Self-Signed Certificate in Chrome

Now I will install this self-signed certificate in the Chrome browser.

In the address bar, click on the red warning triangle and “Not secure” message and, from the resulting menu, select “Certificate” to show the certificate.

spring boot https

In the window that pops up, select the “Details” tab (immediately to the right of “General” tab), and click on the “Copy to File…” at the bottom right of the tab.

spring over https

This launches the Certificate Export Wizard; click “Next” at the bottom, which takes you to a radio-button dialogue for selecting the format. Leave the default “DER encoded binary X.509 (.CER)” and click Next again.

spring boot over https
spring application over https

Use the “Browse…” button to select a filename Documents (or wherever you’d like to leave the exported cert) and remember the name and path. Click “Next” to export the cert and then “Finish“.

spring boot applications with https
spring boot app with https

You will see the successful message:

spring app with https

Next open the Chrome settings page, scroll to the bottom, and expand the “Advanced” section; in the “Privacy and security” panel, click on Security and again click on the “Manage certificates” area.

In the pop-up “Certificates” window, select the “Trusted Root Certification Authorities” tab, and click on the “Import…” button; this will launch the Certificate Import Wizard.

spring boot app over https protocol

Click “Next” and, on the next page, select “Browse…” and use the explorer window to locate the certificate you exported earlier.

spring app over https protocol
spring with https

Click “Next” again, then “Finish“, and, in the “Security Warning” pop-up, click on “Yes“; you should see yet another pop-up letting you know that the import was successful.

spring https
spring https
spring https
spring https

Testing the Application

Restart Chrome, and navigate to the webpage again; this time you should see the closed padlock and “Secure” annotation to the left of the URL.

Now hit the URL https://localhost:8443 in the Chrome browser, you will see the red padlock gone away and clicking on the closed padlock will show you secure connection.

spring boot https

That’s all about how to configure Spring Boot applications over HTTPS protocol.

Source Code

Download

Leave a Reply

Your email address will not be published.