How do you configure a self signed certificate programmatically with Spring Boot 3 for Tomcat?

Question

Previous examples of how to configure a self signed certificate with Spring Boot 2.x looked something like this

@Component
public class MyTomcatWebServerFactoryCustomizer implements WebServerFactoryCustomizer<TomcatServletWebServerFactory> {

    @Override
    public void customize(TomcatServletWebServerFactory server) {
        server.addConnectorCustomizers(connector -> {
           Http11NioProtocol proto = (Http11NioProtocol) connector.getProtocolHandler();
           proto.setSSLEnabled(true);
           proto.setKeystoreFile(CERTIFICATE_PATH);
           proto.setKeystorePass(CERTIFICATE_PASSWORD);
           proto.setKeystoreType(KEYSTORE_TYPE);
           proto.setKeyAlias(CERTIFICATE_ALIAS);
        });
    }
}

Spring Boot 3 moves to Tomcat 10 which removes setKeystoreFile, setKeystorePass, setKeystoreType, and setKeyAlias from the base classes for Http11NioProtocol and I am struggling to find the appropriate way to configure these same parameters in the new environment. I have done my due diligence searching the web but I am struggling to find the replacement method for doing this.

Answer 1

Try this.

Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
connector.setScheme("https");
connector.setSecure(true);
protocol.setSSLEnabled(true);

try {
    ClassPathResource keystoreResource = new ClassPathResource("xxx.jks");
    URL keystoreUrl = keystoreResource.getURL();
    String keystoreLocation = keystoreUrl.toString();

    SSLHostConfig sslHostConfig = new SSLHostConfig();
    SSLHostConfigCertificate sslHostConfigCertificate = new SSLHostConfigCertificate(sslHostConfig, SSLHostConfigCertificate.Type.UNDEFINED);

    sslHostConfigCertificate.setCertificateKeystoreFile(keystoreLocation);
    sslHostConfigCertificate.setCertificateKeystoreType(keystoreType);
    sslHostConfigCertificate.setCertificateKeystorePassword(keystorePassword);
    sslHostConfigCertificate.setCertificateKeyAlias(keyAlias);

    sslHostConfig.addCertificate(sslHostConfigCertificate);
    protocol.addSslHostConfig(sslHostConfig);
}
catch (IOException ex) {
    
}