
I have an Angular PWA hosted in Firebase, and I have a Spring Boot service I'm trying to communicate with (running locally at the moment).

Firebase, out of the goodness of their heart, automatically creates an SSL certificate for the hosted app, so that is secure and only accessible via HTTPS.

What I can't work out is how to set up my Spring Boot service to accept/trust/allow those connections so the PWA can make basic REST calls, for example (do I even need to do this?).

My first thought was to add the certificate from Firebase to the Spring Boot truststore, but either I'm doing it wrong or that is the wrong approach, as I'm just getting `javax.net.ssl.SSLHandshakeException: no cipher suites in common` with everything I've tried.

The commands I've run to do this are as follows:

Download the certificate from Angular app URL

```
keytool -printcert -sslserver app.example.com:443 -rfc > temp.cert
```

Create a truststore from that certificate

```
keytool -keystore truststore.jks -alias example.com -import -file temp.cert
```

Then I'm just loading that into my Spring Boot application.yml file

```yaml
server:
  port: 8443
  ssl:
    key-store: classpath:truststore.jks
    key-password: secret
    key-alias: example.com
```

I'm not really sure if I've done this completely wrong, or missed a vital step.

Chris

1 Answer

This approach will not work unfortunately, but might not be required.

As you probably know, SSL works with "public-key cryptography" which requires two keys: a private key and a public key. An SSL Certificate is basically the public key plus some other verification information.

While we can extract the SSL Certificate using keytool as you've done, that won't give us the crucial private key. And for security reasons, likely there's no way to export the private key from Firebase.

So what can be done?

  1. If you're just testing locally, then either just use plain HTTP (no security but you also don't need to do anything) -- or use a self-signed certificate. If using a self-signed certificate, you probably will also need to add the self-signed certificate to your browser.

  2. If you have a domain name for your Spring Boot service, then you can get a free SSL certificate for that domain from Let's Encrypt and configure it for Spring Boot.

As an aside, I noticed that you tried to create a truststore instead of a keystore. The truststore is actually for something different (something we call client-mutual-auth) -- probably not something you will need. See this previous thread for more info.

peekay
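The difference the answer describes between a store that holds only an imported certificate and one that holds a private key can be checked from `keytool -list -v` output. The script below is an added example, not code from the question or the answer; the function names, file names, alias, password and the two sample listings are assumptions constructed for illustration, and the parsing assumes keytool's English-locale output.

```shell
#!/usr/bin/env bash
# Added example: names, paths and passwords below are placeholders (assumptions).

# Create a self-signed key pair for local testing (answer's option 1).
# Unlike `keytool -import`, this writes a PrivateKeyEntry into the store.
# Usage: make_dev_keystore keystore.p12 springboot-dev changeit
make_dev_keystore() {
  keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 \
    -validity 365 -storetype PKCS12 -keystore "$1" -storepass "$3" \
    -dname "CN=localhost" -ext "SAN=dns:localhost,ip:127.0.0.1"
}

# Read `keytool -list -v` output on stdin, print "alias<TAB>entry type" for
# each entry, and return 0 only if at least one PrivateKeyEntry exists,
# i.e. the store can back Spring Boot's server.ssl.key-store.
server_keystore_usable() {
  awk '
    /^Alias name:/ { sub(/^Alias name:[ ]*/, ""); alias = $0 }
    /^Entry type:/ {
      sub(/^Entry type:[ ]*/, "")
      print alias "\t" $0
      if ($0 == "PrivateKeyEntry") found = 1
    }
    END { exit(found ? 0 : 1) }
  '
}

# Constructed sample listings (not captured from a real system).
# What `keytool -import` of a downloaded certificate produces:
TRUSTSTORE_LISTING='Alias name: example.com
Creation date: Jan 1, 2024
Entry type: trustedCertEntry'
# What `keytool -genkeypair` produces:
KEYSTORE_LISTING='Alias name: springboot-dev
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 1'

# Matching application.yml keys for the generated store:
#   server.ssl.key-store: classpath:keystore.p12
#   server.ssl.key-store-type: PKCS12
#   server.ssl.key-store-password: changeit
#   server.ssl.key-alias: springboot-dev
```

Against a real file, pipe the listing in: `keytool -list -v -keystore truststore.jks -storepass <password> | server_keystore_usable`.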