Enable HTTPS in Spring Boot

Spring-boot-enable-ssl

Enable HTTPS in Spring BootAPRILDriss AMRI

This weekend I answered a question about enabling HTTPS in Jhipster Onstackoverflow so caught a lot of interest on Twitt Er so I decided to put a short post on it with some more useful details.

Jhipster is a Spring Boot application with a lot of neat features and other frameworks completely integrated. The configuration is exactly the same like any other Spring Boot application, including the SSL settings. If you is interested to get a quick introduction on Jhipster, feel free to take a look at my Start a modern Java web Application with Jhipster

If you is using Spring Boot and want to enable SSL (HTTPS) for your application on the embedded Tomcat there a few short Steps you'll need to take.

1. Get yourself a SSL certificate: generate a self-signed certifcate or Get one from a certificate authority
2. Enable HTTPS in Spring Boot
3. Redirect HTTP to HTTPS (optional)

Step 1:get a SSL certificate

If you want the use of SSL and serve your Spring Boot application over HTTPS you'll need to get a certificate.

You have both options to get one. You can generate a self-signed certificate, which'll most likely is what you'll want to does in development since it's the Easiest option. This usually isn ' t a good option in production since it would display a warning to the user that your certificate are not tr Usted.

The other (production) option was to request one from a Certificate authority. I ' ve heard good things about sslmate to buy your certificate for a reasonable price with excellent support. There is some providers that is able to give off free certificates but usually you'll have problems down the line if you Has any issues or problems (revocations).

Since We is developers, let's generate a self-signed certificate to get started quickly with development of our Applicati Mnl Every Java Runtime environment (JRE) comes bundled with a certificate management Utility,keytool. This can is used to generate our self-signed certificate. Let ' s has a look:

keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650Enter keystore password:  Re-enter new password:What is your first and last name?  [Unknown]:  What is the name of your organizational unit?  [Unknown]:  What is the name of your organization?  [Unknown]:  What is the name of your City or Locality?  [Unknown]:  What is the name of your State or Province?  [Unknown]:  What is the two-letter country code for this unit?  [Unknown]:  Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?  [no]:  yes

This would generate a PKCS12 keystore called KEYSTORE.P12 with your newly generate certificate in it, with certificate Alia S Tomcat. You'll need to reference keystore in a minute if we start to configure Spring Boot.

Step 2:enable HTTPS in Spring Boot

By default your Spring Boot embedded Tomcat container would have an HTTP on port 8080 enabled. Spring Boot lets you configure HTTP or HTTPS in the application.properties, and not both at once. If you want to enable both you'll need to configure at least one programmatically. The Spring Boot reference documentation recommends configuring HTTPS in the application.properties since it's the more COM Plicated than HTTP.

Using configuration Like the example above means the application would no longer support plain HTTP connector at port 8080. Spring Boot doesn ' t support the configuration of both a HTTP connector and an HTTPS connector via application.proper Ties. If you want to has both then you'll need to configure one of them programmatically. It ' s recommended to useapplication.properties to configure HTTPS as the HTTP connector is the easier of the O Configure Programmatically. See the Spring-boot-sample-tomcat-multi-connectors Sample project for an example.

Funny enough despite their recommendation to configure HTTPS in the application.properties, their example does the exact o Pposite.

Let's configure HTTPS in the default application.properties file undersrc/main/resources of your Spring Boot Application:

server.port: 8443server.ssl.key-store: keystore.p12server.ssl.key-store-password: mypasswordserver.ssl.keyStoreType: PKCS12server.ssl.keyAlias: tomcat

That's all you need to does to make your application accessible over HTTPS on https://localhost:8443, pretty easy R Ight?

Step 3:redirect HTTP to HTTPS (optional)

In some cases it might is a good idea to make your application accessible over HTTP too, but redirect all traffic to HTTPS .
To achieve this we'll need to add a second Tomcat connector, but currently it's not possible to configure II connector I n the application.properties like mentioned before. Because of this we'll add the HTTP connector programmatically and make sure it redirects all traffic to our HTTPS Connecto R.

For this we'll need to add thetomcatembeddedservletcontainerfactory beans to one of our@Configuration C Lasses.

That's all you need-to-do sure your application are always used over https!

Enable HTTPS in Spring Boot