I have never done this before, and most of the tutorials do not mention how to deal with .crt files.
I bought an SSL certificate from GoDaddy, and selected Tomcat as a platform when downloading it. The zip file contained 3 files:
dea08asdjakjawl.crt
gd_bundle-g1-g1.crt
gdig.crt.pem
I have a running Spring Boot application (on port 80 with an embedded Tomcat) on a CentOS7 server. (The server is running on DigitalOcean, has an assigned domain, and works with simple HTTP.)
I would like to switch it to https://something.com
All the tutorials suggest that I must have a .jks or a .p12 file for that, but I wasn't able to convert the .crt files to that. Besides, I am not sure which of the 2 .crt files is the one I should convert to .jks/.p12.
I have added this to my application.yaml, but it didn't help:
server:
  port: 443
  ssl:
    enabled: true
    key-alias: server
    key-store: "cert.crt"
    key-store-password: "***"
How can I change my running Spring Boot project to accept HTTPS queries using this certificate?
Copy the certificate file and password file that you obtained to the root directory src/main/resources/ of the Spring Boot project. Note: If you have modified the directory of the Spring Boot project, you must copy the certificate and password files to the directory in which the configuration file application.
So the correct procedure was the following:
I had to recreate the CSR from scratch, using a Java Key Store instead.
keytool -genkey -alias mydomain -keyalg RSA -keystore KeyStore.jks -keysize 2048
Then a new CSR:
keytool -certreq -alias mydomain -keystore KeyStore.jks -file mydomain.csr
That had to be resent to the cert provider to generate a new .cer file. So they sent me back the mentioned 2 .cer files; the "bundle" one was the intermediate .cer, which I needed to add like this:
keytool -import -trustcacerts -alias intermediate -file intermediate.crt -keystore KeyStore.jks
Then the actual "long-named" .cer file like this:
keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore KeyStore.jks
Then this is something which can be converted to p12 like this:
keytool -importkeystore -srckeystore <MY_KEYSTORE.jks> -destkeystore <MY_FILE.p12> -srcstoretype JKS -deststoretype PKCS12 -deststorepass <PASSWORD_PKCS12> -srcalias <ALIAS_SRC> -destalias <ALIAS_DEST>
Finally the application.properties needed extra lines and became something like this:
server.port=443
server.ssl.enabled=true
security.require-ssl=true
server.ssl.key-store=keystore.p12
server.ssl.key-store-password=password
server.ssl.key-alias=domain
server.ssl.key-password=password
And it is finally working.
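A preflight check for the failure in the question, added here as an example and not part of the original posts: `key-store: "cert.crt"` names a certificate file rather than a key store, while the working configuration points at a PKCS12 container. The function names `keystore_kind` and `check_key_store` are made up for this example, and it judges the file by its leading bytes only.

```shell
#!/bin/sh
# Added example (not from the original posts). Function names are hypothetical.

# Print the container type of FILE, judged from its leading bytes only.
keystore_kind() {
    [ -r "$1" ] || { echo missing; return 0; }
    # First 7 bytes as one lowercase hex string, e.g. "feedfeed000000"
    hex=$(od -An -tx1 -N7 "$1" | tr -d ' \n')
    case $hex in
        feedfeed*) echo jks ;;                 # JKS magic number 0xFEEDFEED
        3082????020103|3080020103*)
            echo pkcs12 ;;                     # PFX: SEQUENCE { INTEGER 3, ... }
        30*) echo der ;;                       # other DER object, e.g. a bare certificate
        2d2d2d2d*)                             # "----": PEM armour, read the label
            if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then echo pem-key
            elif grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then echo pem-cert
            else echo pem-other; fi ;;
        *) echo unknown ;;
    esac
}

# Return 0 only if FILE is a JKS or PKCS12 container.
check_key_store() {
    kind=$(keystore_kind "$1")
    case $kind in
        jks|pkcs12)
            echo "$1: $kind container. Confirm the alias is a PrivateKeyEntry:"
            echo "  keytool -list -v -keystore $1"
            return 0 ;;
        pem-cert)
            echo "$1: certificate only, no private key; import it into the key store that created the CSR" >&2
            return 1 ;;
        *)
            echo "$1: $kind, not a JKS or PKCS12 key store" >&2
            return 1 ;;
    esac
}

# Usage: sh check_key_store.sh keystore.p12
if [ "$#" -gt 0 ]; then
    check_key_store "$1"
    exit $?
fi
```

A pass here only means the file is a key store container; the `keytool -list -v` output still has to show the configured alias as a `PrivateKeyEntry` with the intermediate certificate in its chain.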