How to enable SSL in Spring Boot Application

Vipul Kumar
4 min read · Sep 5, 2022

In this guide we are going to learn how to enable SSL in a Spring Boot application.

This post has two sections: the first creates a Spring Boot hello world application, and the second enables SSL in that application. You can skip the first part if you already have an application.

Creating a Hello world application in Spring Boot

You can skip this section and jump directly to the SSL configuration section if you already have an application in which you want to configure SSL.

Let's start creating an application by going to Spring Initializr and adding web as a dependency, or you can load the configuration I used in this project directly from here.

Let's add a simple REST API that returns Hello World or Hello <username>, depending on whether the query parameter username is passed.

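import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping(value = "/greeting")
public class GreetingController {
    // GET /greeting/say-hello; username falls back to "World" when the parameter is absent
    @GetMapping("/say-hello")
    public String sayHello(@RequestParam(name = "username", defaultValue = "World") String username) {
        return "Hello " + username;
    }
}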

In the above example I have created a RestController and mapped the sayHello() method to the GET /greeting/say-hello endpoint. If everything is done correctly, when we run the application we should be able to access it on http://localhost:8080.

If we visit the URL http://localhost:8080/greeting/say-hello in the browser, we should be able to see Hello World.

API Response without username parameter

If we visit the URL http://localhost:8080/greeting/say-hello?username=Vipul we should be able to see Hello Vipul as the response.

API Response with username parameter

Adding SSL in a Spring Boot application

To enable SSL, you first need an SSL certificate signed by a certificate authority (CA). You can either buy an SSL certificate or, if you only need HTTPS to test your application, generate a self-signed certificate using a tool like OpenSSL.

Let's generate our self-signed certificate and then configure it in the project. In most cases, the certificate is stored in the Public Key Cryptography Standards #12 (PKCS12) format. Less frequently, the Java KeyStore (JKS) format is used. Let's continue our example with the PKCS12 format and generate the self-signed certificate as a PKCS12 file.

We can use the keytool utility provided by Java to generate a PKCS12 file as given below:

keytool -genkeypair -alias localhost -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore localhost-ssl.p12 -validity 3650

Run the above command in a terminal and provide the information it asks for. You can use any random data here, but remember the password you provide because we will use it in our Spring configuration.

Copy the generated localhost-ssl.p12 and paste it into the src/main/resources location inside the project.

Now open the application.properties file and configure the SSL certificate as given below:

security.require-ssl=true
server.ssl.key-store-password=12345678
server.ssl.key-store=src/main/resources/localhost-ssl.p12
server.ssl.key-store-type=PKCS12
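
A check that can be run before restarting, added here as an example and not part of the original post: it opens the keystore with the password Spring Boot will be given and reports what the certificate inside looks like. The class name KeystoreCheck and the KEYSTORE_PASSWORD environment variable are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.Date;

// Added example: inspects the PKCS12 file created by the keytool command above.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        // Assumptions: keystore path as first argument, password in KEYSTORE_PASSWORD.
        String path = args.length > 0 ? args[0] : "src/main/resources/localhost-ssl.p12";
        String pw = System.getenv("KEYSTORE_PASSWORD");
        if (pw == null) {
            System.err.println("Set KEYSTORE_PASSWORD to the password given to keytool");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw.toCharArray()); // throws IOException when the password is wrong
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate only, no private key to serve TLS with");
                continue;
            }
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            boolean selfSigned = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
            if (selfSigned) {
                cert.verify(cert.getPublicKey()); // throws if not signed by its own key
            }
            System.out.println("alias       : " + alias);
            System.out.println("subject     : " + cert.getSubjectX500Principal().getName());
            System.out.println("self-signed : " + selfSigned);
            System.out.println("signature   : " + cert.getSigAlgName());
            System.out.println("not before  : " + cert.getNotBefore());
            System.out.println("not after   : " + cert.getNotAfter());
            System.out.println("expired     : " + cert.getNotAfter().before(new Date()));
            if (cert.getPublicKey() instanceof RSAPublicKey) {
                RSAPublicKey rsa = (RSAPublicKey) cert.getPublicKey();
                System.out.println("RSA bits    : " + rsa.getModulus().bitLength());
            }
            // getSubjectAlternativeNames() returns null when there is no SAN extension
            System.out.println("SAN         : " + cert.getSubjectAlternativeNames());
        }
    }
}
```

Compile it with javac KeystoreCheck.java and run it from the project root with java KeystoreCheck; an IOException on load means the password does not match the one entered for keytool.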

Now let's restart the application and try to access http://localhost:8080/greeting/say-hello?username=Vipul in the browser. You will see the following error:

SSL error when accessing using HTTP

This is because we are trying to access the application using HTTP and it doesn't support it. Now let's try to access the same URL using the https:// protocol.

Untrusted SSL Error

You are seeing this because browsers don't trust a self-signed certificate. For testing our application we can skip this error by clicking the Advanced button and then Continue to localhost (unsafe).

Skipping Untrusted SSL Error

Now you should be able to see the Hello Vipul response in the browser as expected.

Success response with https enabled

You might be wondering why the browser shows Not secure and https with a strikethrough. It is because browsers don't trust a self-signed certificate.

If you really want to fix this, you need an SSL certificate from a CA. You can either buy one or get one free from Let’s Encrypt (letsencrypt.org).

Hope you enjoyed the post. You can find the source code for this post here.
