Enable HTTPS with Self-Signed-Certificate in Spring Boot 2.0.2

Hello Spring Boot enthusiasts, I am back again with another article. I hope you enjoyed my last article on different spring boot deployment strategies.  In today’s article, I will demonstrate how to enable SSL/HTTPS in embedded servlet container with a self-signed certificate and access spring boot application over HTTPS scheme. We will also see how to redirect any HTTP request to HTTPS. We will create self-signed certificate with the help of keytool which comes along with the JDK installation. Before getting into actual development, let us first understand basic terminologies which will help us further understanding this article.

Self-Signed Certificate: A self signed certificate is a certificate that is signed by itself rather than a trusted authority. Never use a self signed certificate on an e-commerce site or any site that transfers valuable personal information like credit cards, social security numbers, etc.

CA Signed Certificate: A certificate authority (CA) is a trusted entity that manages and issues security certificates and public keys that are used for secure communication in a public network. Such certificates signed digitally by a certificate authority are CA Signed Certificates.

SSL (Secure Sockets Layer): SSL is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

Transport layer security (TLS): TLS is a protocol that provides communication security between client/server applications that communicate with each other over the Internet.

Hyper Text Transfer Protocol Secure (HTTPS): HTTPS is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted.

Truststore and Keystore: TrustStore (as name suggest) is used to store certificates from trusted Certificate authorities(CA) which are used to verify certificate presented by Server in SSL Connection while keyStore is used to store private key and own identity certificate which program should present to other parties (Server or client) to verify its identity.

Now that you know these basic terminologies, lets us proceed further. We will start by developing a simple spring boot application. Then we will create a self-signed certificate with the help of JDK provided utility i.e. keytool and do the configuration needed to enable SSL in embedded servlet container.

What will you learn?

  • Creating Self-Signed-Certificate with java keytool
  • Enable HTTPS in Spring Boot
  • Redirect HTTP to HTTPS

Creating Self-Signed-Certificate with java keytool

With the help of JDK supplied utility called “keytool”, we will create a self-signed certificate. Keytool in java is a key and certificate management utility located in bin folder of your JDK installation. It stores keys and certificates in a keystore and thus allows users to manage their own public/private key pairs and certificates.

Steps to create Self-Signed Certificate

Copy the following keytool command on command prompt and hit enter. It will generate the certificate with name keystore.jks.

Lets understand what the above command and other options means.
-genkey : Keytool command to generate the certificate.
-alias tomcatssl : It indicates the nickname/alias name of the certificate, needed when configuring SSL.
-keyalg RSA : Algorithm used to generate the key. Here RSA algorithm is used to generate the key pair.
-keysize 2048 : The size in bits of the key to generate.
-keystore keystore.jks : The name of the KeyStore file to store the generated key pair in.

In my case, the above keytool command will create a self-signed-certificate in “C:\Users\Chandra Mani\keystore.jks“.

Creating Spring Boot project in STS-Spring Tool Suite

Open STS IDE-> File menu -> New -> Spring Starter Project and fill the info as following.

Click on Next button and choose Spring Boot version, web dependency and hit Finish button.

SpringBootHttps project will be created with the default class SpringBootHttpsApplication.java. 

Add @RestController annotation at class level and also add a controller method as shown below.

pom.xml contains the following default starter dependencies.

Enable HTTPS in Spring Boot

Embedded tomcat container in Spring Boot starts by default on HTTP PORT 8080. In application.properties file, Spring Boot lets you configure HTTPS. But you cannot configure HTTP and HTTPS both at a time. In order to enable both at a time, we have to configure at least one, either HTTP or HTTPS, programmatically. Also copy the generated certificate in src/main/resources. Make the following changes in application.properties file to enable HTTPS.

Here, server.ssl.key-store: classpath:keystore.jks, classpath points to src/main/resources. Thats
the reason, we have kept the certificate “keystore.jks” inside src/main/resources of your Spring
Boot application.

With this, we will be able to access the spring boot application on HTTPS PORT 8292 with the
context path /SpringBootHttps. When you hit the following url, just ignore the certificate
related related error in the browser’s address bar.

https://localhost:8292/SpringBootHttps/hello/Roshan

I hope you are able to access your application on HTTPS without any problem.

Redirect HTTP to HTTPS

Its a good idea to redirect all HTTP traffic to HTTPS. But configuration for both HTTP and HTTPS is currently not possible in application.properties file. We will add other connector for HTTP programmatically and ensure all HTTP traffic gets redirected to HTTPS. This programmatic suppport for HTTP connector is done with respect to Spring Boot 2.0.x version.

First of all we will add a key-value pair for HTTP PORT  and read this key in our class, so that we dont have to hard code both ports value in our java class. Add the following key-value pair in application.properties file

Here, server.port=8292 is configured for HTTPS and httpPort=8081 is configured for HTTP. Now lets create a class named HttpsPortTomcat.java as the following.

Thats all you have to do. Now run your main class and in the console you will see Tomcat started on port(s): 8292 (https) 8081 (http) with context path ‘/SpringBootHttps’. Now try to access the spring boot application with HTTP schema and HTTP port, it will get redirected to HTTPS port.

Following HTTP URL with HTTP port

will be redirected to the HTTPS port.

I hope you liked this article. In case of any problem, feel free to post your query in the comment section. Happy Coding.

7 thoughts on “Enable HTTPS with Self-Signed-Certificate in Spring Boot 2.0.2”

  1. Saurav Gautam says:

    Excellent and great work ..

    1. Chandra Mani Gupta says:

      Thank you so much. I am glad that it helped you.

  2. sandy says:

    Good and Descriptive example.. thanks.

    1. Chandra Mani Gupta says:

      Glad that you find the article interesting. Kindly subscribe our blog for similar updates.

  3. Lakenya Krois says:

    some genuinely great content on this site, regards for contribution.

    1. Chandra Mani Gupta says:

      Good to hear from you Lakenya Krios brother..!!
      Thanks for your motivational thought, it helps me to write more…!!

  4. Jitesh kumar says:

    This blog is very help full to us.

Leave a Reply