How to enable SSL in Spring Boot Application
In this guide we are going to learn how can we enable SSL in a spring boot application.
This post has two sections- 1st is to create the spring boot hello world application and the 2nd is enabling SSL in the same application. You can skip the 1st part if you already have an application with you
Creating a Hello world application in Spring Boot
You can skip this section if you have already an application where you want to configure SSL and jump directly into SSL configuration section.
Lets start creating an application by going to Spring Initializer and adding web
as dependency or you can load the configuration I used in this project directly from here.
Lets add a simple Rest API for returning Hello World
or Hello <username>
based on the query parameter username
is passed or not.
@RestController
@RequestMapping(value = "/greeting")
public class GreetingController {
@GetMapping("/say-hello")
public String sayHello(@RequestParam(name = "username", defaultValue = "World") String username) {
return "Hello " + username;
}
}
In the above example I have created a RestController
and mapped the sayHello()
method with GET /greeting/say-hello
endpoint. IF everything is done correctly, When we run the application we should be able to access it on http://localhost:8080
.
If we visit the URL in the browser: http://localhost:8080/greeting/say-hello
we should be able to see the Hello World
If we visit the URL http://localhost:8080/greeting/say-hello?username=Vipul
we should be able to see Hello Vipul
as response.
Adding SSL in spring boot application
To enable SSL first you need a SSL certificate signed by a certification authority (CA). Either you can buy an SSL certificate or If you only need to configure HTTPS to test your application, you can generate a self-signed certificate using a tool like OpenSSL.
Let’s generate our self-signed certificate and then configure it in the project. In most cases, the certificate is the Public Key Cryptography Standards #12 (PKCS12). Less frequently, we use a Java KeyStore (JKS) format. Let’s continue our example with a PKCS12 format.
Here we are going to use Public Key Cryptography Standards #12 (PKCS12) to generate self-signed certificate.
We can use keytool
provided by Java for generating a PKCS12 file as given below-
keytool -genkeypair -alias localhost -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore localhost-ssl.p12 -validity 3650
run the above command in terminal and provide the information asked. You can use any random data here but remember the password provided here because we will use it in our spring configuration.
Copy the generated localhost-ssl.p12
and paste it in src/main/resources
location inside the project.
Now open application.properties
file and configure the SSL certificate as given below-
security.require-ssl=true
server.ssl.key-store-password=12345678
server.ssl.key-store=src/main/resources/localhost-ssl.p12
server.ssl.key-store-type=PKCS12
Now lets restart the application and try to access http://localhost:8080/greeting/say-hello?username-vipul
in your browser, you will see following error-
This is because we are trying to access using HTTP and our application doesn’t support it. Now lets try to access the same URL using https://
protocol
You are seeing this because browsers doesn’t trust a self-signed certificate but for testing our application we can skip this error by clicking advanced button and then continue to localhost (unsafe)
Now you should be able to see the Hello Vipul
response in browser as expected.
You might be wondering why the Not secure and https with strikethrough. It is because browsers doesn’t trust a self-signed certificate.
If you really want to fix this then you need an SSL certificate from CA. Either you can buy one or get it free from Let’s Encrypt (letsencrypt.org).
Hope you enjoyed the post you can find the source code for this post here.