I need to import a certificate in order to make a http request to an external service in a Spring Boot application.
How do I set up Spring Boot in order to do this?
There's a lot of information out there but I'm finding it all a bit confusing. It seems as though I may just need to create something like a "truststore.jks" keystore and import the correct certificate, and and add some entries to my application.properties.
509 authentication in our Spring Boot application, we first need to create a server-side certificate. Similarly, as for the CA certificate, we have to provide the password for the private key. Additionally, let's use localhost as a common name (CN). Before we proceed, we need to create a configuration file – localhost.
The client certificate is sent during the TLS handshake when establishing a connection and can't be sent via HTTP within that connection. The communication is layered like this: HTTP (application-layer protocol) within. TLS (presentation-layer protocol) within.
keytool
if you don't already have onecmd
keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore keystore.p12 -validity 3650
Answer all the questions. In the first question: what's your first name and last name put localhost
.
yourcertificate.crt
do thiskeytool -import -alias tomcat -file yourcertificate.crt -keystore keystore.p12 -storepass password
You will get a file called keystore.p12
.
resources folder
properties
file# Define a custom port instead of the default 8080
server.port=8443
# Tell Spring Security (if used) to require requests over HTTPS
security.require-ssl=true
# The format used for the keystore
server.ssl.key-store-type=PKCS12
# The path to the keystore containing the certificate
server.ssl.key-store=classpath:keystore.p12
# The password used to generate the certificate
server.ssl.key-store-password= {your password here}
# The alias mapped to the certificate
server.ssl.key-alias=tomcat
Config
class as follows@Configuration
public class ConnectorConfig {
@Bean
public TomcatServletWebServerFactory servletContainer() {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(getHttpConnector());
return tomcat;
}
private Connector getHttpConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(8080);
connector.setSecure(false);
connector.setRedirectPort(8443);
return connector;
}
}
https://localhost:8443
Now you can access your third service that asks you for ssl authentication
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With