Secure web connection is required and becomes standard today. In this Spring Boot tutorial, I’d be happy to share with you about HTTPS configuration for a Spring Boot application, for local development purpose, with a self-signed certificate.

To follow this guide, you must have JDK (Java Development Kit) installed on your computer so you can use its keytool for creating SSL certificate, and I suppose that you’re developing a Spring Boot project.

 

1. Generate Self-Signed Certificate using Java keytool

The SSL protocol requires a server provide a digital certificate which is trusted by an authority. Then clients will be able to establish a secure connection to your application. For development on localhost, you can create a self-signed certificate which is then installed to be trusted by your web browsers.

Open a new command prompt window, and type the following command:

keytool -genkeypair -alias local_ssl -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore local-ssl.p12 –validity 365 -ext san=dns:localhost

This command will generate a key pair (public key and private key) using RSA cryptography algorithm. Let me explain the arguments for the keytool program:

  • -genkeypair: generates a key pair
  • -alias local_ssl: specifies the alias of the keypair is local_ssl, which uniquely identifies it.
  • -keyalg RSA: specifies the algorithm to be used is RSA
  • -keysize 2048: specifies the size of the key is 2048 bit
  • -storetype PKCS12: specifies the file format to store the key pair is PKCS12
  • -keystore local-ssl.p12: species name of the file that stores the key pair is local-ssl.p12
  • -validity 365: specifies the expiration date will be 365 days from now
  • -ext san=dns:localhost: includes an X.509 extension for Subject Alternate Name (SAN) – a SAN is required so the certificate will be trusted by browsers on localhost

NOTE: the keytool program is available in JDK’s bin directory, so you may need to change the current directory to JDK_HOME\bin if you don’t have setup for JAVA_HOME environment variable.

Then you have to enter password for the keystore as well as supplying some extra information, as shown below:

keytool command generate keypair

The result is a keystore file named local-ssl.p12 created in the current directory.


2. Enable SSL for Spring Boot Application

Copy the local-ssl.p12 file to your Spring Boot project, under src/main/resources like this:

Copy keypair file to Spring Boot project

Then enable SSL for embedded Tomcat server in the Spring Boot application configuration file (application.yml in my case) as follows:

server:

  port: 443

  servlet:

    context-path: /

  ssl:

    enabled: true

    key-alias: local_ssl

    key-store: classpath:local-ssl.p12

    key-store-type: PKCS12

    key-password: <keystore_password>

    key-store-password: <keystore_password>

Now, you can start your Spring Boot application. And notice the embedded Tomcat server is now listening on HTTPS port number (443):

Tomcat started https

Then try to access https://localhost in Chrome browser, you should see an error like this:

Chrome privacy error

This is because the self-signed SSL certificate sent from the server is not trusted by the browser. Don’t worry. See the next step below.


3. Install Self-Signed Certificate

Now you have to generate a certificate file from the keystore file. Use the keytool program with this command:

keytool -export -keystore local-ssl.p12 -alias local_ssl -file local-cert.crt

This command exports a digital certificate from the specified keystore file. You need to provide password:

keytool export certificate

Now, open Windows Explorer and navigate to the directory where the local-cert.crt file created. Right-click on the file and click Install Certificate:

click Install Certificate context menu

Then in the first screen of Certificate Import Wizard, click Next. Click Browse, and choose Trusted Root Certification Authorities:

Place certificate to trusted store

Click OK. Click Next. And Click Finish to complete the Certificate Import wizard. You should see a security warning, and click Yes to install the certificate.

Now, restart your browser and reload https://localhost URL, you should see a security padlock appears like this:

padlock https for localhost

Congratulations! You have successfully configured secure connection (HTTPS) for a Spring Boot application using self-signed certificate. To see the steps in action, I recommend you watch the following video:

 

Spring Security Tutorials:

 

Other Spring Boot Tutorials:


About the Author:

is certified Java programmer (SCJP and SCWCD). He began programming with Java back in the days of Java 1.4 and has been passionate about it ever since. You can connect with him on Facebook and watch his Java videos on YouTube.



Add comment

   


Comments 

#1Nelson Muturi2022-08-27 05:28
This worked for me, thank you. On Mac, one can load the certificate .CRT into the Keychain Access app (under System), followed by double-clicking on the certificate and changing its trust settings to "Always Trust".
Quote