0

I have a spring-boot project that is run using Jetty. Specifically, I have in my Gradle:

```groovy
compile("org.springframework.boot:spring-boot-starter-web:1.5.8.RELEASE") {
    exclude module: "spring-boot-starter-tomcat"
}
```

I would like to set up SSL. I have registered for it and am now in possession of .ca-bundle, .crt, .p7b, .csr and .key files. Additionally, I would like to accomplish this by using a @Configuration class instead of application.properties; however, I do not know the first thing about setting up SSL. Can anyone point me in the right direction, or provide a code snippet that would allow my Spring Boot project to use SSL?

Quillion

1 Answer

1

1) You need to add your certificates to a keystore in JKS format. This is the format used in Java-based web servers for storing certificates. You can use this guide or any other appropriate for your certificate format.

2) Put the generated file into the src/main/resources folder of your project.

3) Make your web server use the new keystore.

In Spring Boot it will be easy, as Spring has automated this process via .properties/.yml configuration.

Here is an example with .yml:

```yaml
server:
  port: 443
  ssl:
    key-store: classpath:your-keystore.jks
    key-store-password: your-strong-pass
    keyStoreType: PKCS12
    keyAlias: your-alias
```

Each property corresponds to the entries you entered in the first step. The port should be set to 443, as it is the default port for SSL connections.

Note: There is no point in doing this in a @Configuration class, as the recommended way is only the properties file. Find more details in the documentation.

Sasha Shpota
  • I got all the way to the last step, but when I launch the server I am told `org.springframework.boot.context.embedded.EmbeddedServletContainerException: Unable to start embedded Jetty servlet container` `Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.` Any idea what that is? I made my jks using the command `Program\ Files/Java/jdk1.8.0_66/bin/keytool.exe -import -alias jetty -file my_certificate.crt -keystore keystore.jks -storepass some_password` – Quillion Jan 26 '18 at 00:44
  • I'm not sure what the problem is. But try removing this line: `keyStoreType: PKCS12` (the default one would be `JKS`). You can also check this link: https://confluence.atlassian.com/jirakb/java-certificate-issue-ioexception-derinputstream-getlength-lengthtag-109-too-big-761505154.html – Sasha Shpota Jan 26 '18 at 08:15
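
The `lengthTag=109` error in the comments can be explained from the file header alone: a JKS file starts with the bytes `FE ED FE ED`, and a DER parser expecting PKCS12 reads the second byte `0xED` as a long-form length announcing `0xED & 0x7F = 109` length octets, which exceeds the 4 it accepts. The Python check below is an added example, not part of the original answer or of Spring Boot; its function names and sample headers are constructed for illustration.

```python
# Added example: identify a keystore's real format from its first bytes
# before choosing the Spring Boot key-store type. All inputs are constructed.

JKS_MAGIC = bytes.fromhex("feedfeed")    # header of a JKS file
JCEKS_MAGIC = bytes.fromhex("cececece")  # header of a JCEKS file
PFX_VERSION = bytes.fromhex("020103")    # DER INTEGER 3, first field of a PKCS#12 PFX


def der_length_tag(header: bytes) -> int:
    """Length octets announced by the second byte (0 = short or indefinite form)."""
    length_octet = header[1]
    return 0 if length_octet < 0x80 else length_octet & 0x7F


def sniff_keystore_type(header: bytes) -> str:
    """Classify a keystore file from its first 16 bytes."""
    if header.startswith(JKS_MAGIC):
        return "JKS"
    if header.startswith(JCEKS_MAGIC):
        return "JCEKS"
    if header.lstrip().startswith(b"-----BEGIN"):
        return "PEM (not a keystore)"
    if len(header) >= 2 and header[0] == 0x30:  # DER/BER SEQUENCE
        n = der_length_tag(header)
        if n <= 4 and header[2 + n:5 + n] == PFX_VERSION:
            return "PKCS12"
        return "DER (not PKCS#12)"
    return "unknown"


def check_config(configured_type: str, header: bytes) -> str:
    """Compare the configured key-store type with what the file really is."""
    actual = sniff_keystore_type(header)
    if actual == configured_type.upper():
        return "ok"
    if configured_type.upper() == "PKCS12" and len(header) >= 2:
        n = der_length_tag(header)
        if n > 4:  # a DER parser rejects more than 4 length octets
            return f"mismatch: file is {actual}; DER parser sees lengthTag={n}, too big"
    return f"mismatch: file is {actual}, configured {configured_type}"


# Constructed headers (not real keystores): JKS magic + version 2, and a PKCS#12 PFX start.
SAMPLE_JKS = bytes.fromhex("feedfeed00000002")
SAMPLE_P12 = bytes.fromhex("308209d1020103308209970609")

if __name__ == "__main__":
    print(check_config("PKCS12", SAMPLE_JKS))  # the mismatch from the comments
    print(check_config("PKCS12", SAMPLE_P12))
```

To run it against a real file, pass `open(path, "rb").read(16)` as the header; the configured type must match the reported format.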