How to convert your Spring Boot app to a HTTPS application?

Let’s say you have a simple spring boot app with a single API which returns the string “Hello HTTPS”.

But this runs on HTTP and you want to convert this to run on HTTPS.

You want your app to be more secure and the data sent over the network to be encrypted.

You can do that quite easily in Spring Boot.

First , let’s see the HTTP code:

Below is a sample REST controller:

package com.example.demo;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class TestController {

	
	@GetMapping("/hello")
	public String hello() {
		
		return "Hello Https";
	}
}

And on starting the application and hitting the /hello API over HTTP I get this:

Now let’s convert this to serve over https.

For this you need a SSL certificate.

Where do you get this from?

From Certification Authorities(CA) if your website is live and open to public.

But if you just want to explore how HTTPS work in your local environment you can use a self signed certificate.

And how do you generate a self signed certificate?

One way is to use keytool tool provided by Java.

Let’s create a self signed certificate for our purpose.

Go to the bin directory of your java installation (C:\softwares\jdk-16\bin in my machine) and run the below command:

keytool -genKey -alias demokey -keystore demokeystore -keyalg RSA

-genKey generates a new private key

-alias is the name of your private key

-keystore is the name of your keystore where the certificate is going to be kept

-keyalg is the algorithm you want to use for encryption.

It will ask to set a password for your keystore and some basic details:

That’s it , a keystore has been generated .

I have opted for certain default values.

One is the certificate type- PKCS12. This is a standard certificate and is the default one generated after Java 8. Prior to that Java generated a JKS certificate by default which is specific to java environment and cannot be used outside the platform.

The other one is the validity , by default the validity is 90 days , you can customize that.

Alright, I have a certificate now in my keystore “demokeystore”.

Now to turn my Hello Https app to a HTTPS app all I need to do is configure the above keystore in application yml file.

Here is the updated application yml file



server:
  ssl:
    key-store: C:\softwares\jdk-16\bin\demokeystore
    key-store-password: demopass
    key-alias: demokey 
  port: 8443

As simple as that!

You just specify the key store location , its password and the alias name of your private key.

If you have are using a different key store type (other than PKCS12) you can specify it using the keyword key-store-type.

Since https is usually served on port no 8443 , I have configured the port number as such.

Now let’s try to access the API over https .

I get this:

Wait , why is this?

This is because the certificate I am using is a self signed certificate and the browser isn’t aware of this. Usually on a live environment we use a certificate granted by a Certification Authority and most browsers know who these certification authorities are.

To resolve this , just click on Advanced (I have used Microsoft Edge browser above) and click on continue to localhost( unsafe):

There you are!

You can get rid of the “Not secure” warning by buying a real certificate from a Certification Authority.

That’s it!

Here is the code:

https://github.com/vijaysrj/httpsdemo

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s