0

I checked all similar error but none of them solved my problem. I have a React and Spring Boot app. Frontend and Backend are separated. They both work in windows server 2012. I take build of react app and add it to IIS Manager. I created a certificate from ZeroSSL and I added the certificate to IIS manager. When I go to my web page it says secured it works fine. But When I make any request to my java spring boot backend. It gives error. Because it makes request in https. but I wrote in "http" not "https".

It gives below error.

Mixed Content: The page at 'https://webpage.com/#/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://IP:8080/api/login/. This request has been blocked; the content must be served over HTTPS.

After that I tried to convert my java backend app http to https, I added these to application.properties

security.require-ssl=true
server.ssl.key-store=certificate
server.ssl.key-store-password=password
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat

I created same certificate and add under application.properties file but still gives me error. I am really stuck on it. any there is nobody to near to help me. I hope you can help me.

user19389346
  • 7
  • 3
  • Where did you put your .p12 file? In all likelihood, should be in src/main/resources/keystore Here are some resources that might help: https://www.baeldung.com/spring-boot-https-self-signed-certificate https://mkyong.com/spring-boot/spring-boot-ssl-https-examples/ https://www.thomasvitale.com/https-spring-boot-ssl-certificate/ – Howard007 Aug 31 '22 at 17:20
  • yes there src/main/resources/keystore – user19389346 Aug 31 '22 at 17:46
  • You didn't mention clearly above how you host the Java web app. Thus, you have to edit the question and reveal more. – Lex Li Aug 31 '22 at 19:43
  • I enabled my spring boot https but now I am getting ERR_CERT_COMMON_NAME_INVALID, when I make request to backend https:/localhost:5433. certificate is valid I dont know why I am getting this error – user19389346 Aug 31 '22 at 21:13
  • Have you seen this thread: https://stackoverflow.com/questions/67765238/mixed-content-the-page-at-was-loaded-over-https-but-requested-an-insecure-resour In the JSP page, just add this meta: `` to your HTML to allow mixed content. – YurongDai Sep 07 '22 at 02:48

0 Answers0