How to enable HTTPS in Spring Boot Applications with GoDaddy
In this tutorial, we are going to use Certificate Signing Request CSR to generate our certificate.
First of all, we have to generate Private Key and CSR. We should install OpenSSL to generate them. Then with the following commands, we will have our key and CSR file. While generating, there will be some questions such as company name and domain name.
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
After filling the details, you will be asked to write Challenge Password. Write a secure password then we will have all required files.
After that open your GoDaddy account and Re-Key your certificate by pasting the content of server.csr file.
Then download your SSL certificate for Tomcat format. The downloaded zip folder will contain the following files.
15cd3ad318d3f8a1.crt -> the name is random
15cd3ad318d3f8a1.pem -> the name is random
sf_bundle-g2-g1.crt
sfig2.crt.pem
Extract the zip to the same directory with the server.key file which we generated in the first step.
Create a new file for chain such as server-chain.crt then copy the content of the 15cd3ad318d3f8a1.crt and sf_bundle-g2-g1.crt files into server-chain.crt starting with 15cd3ad318d3f8a1.crt.
Then we will generate PK12 formatted certificate as server.pkcs12 with the following command.
openssl pkcs12 -export -in server-chain.crt -inkey server.key -out server.pkcs12 -name server -CAfile sf_bundle-g2-g1.crt -caname root
Provide a secure password and then we will have server.pkcs12 file.
After that, we need to convert to (Java KeyStore) jks format using keytool with the following command. You can use keytool from your jdk>bin directory.
With the following command, we will have server.jks file that we can use in our Spring Boot application.
keytool -importkeystore -alias server -srckeystore server.pkcs12 -srcstoretype PKCS12 -srcstorepass changeit(same with server.pkcs12 password) -deststorepass changeit -destkeypass changeit -destkeystore server.jks
Don’t forget to change password fields, the first one must be the same as the server.pkcs12 password which you provide in the previous step.
Spring Boot provides server-ssl properties which we can use.
server.ssl.key-store-password=changeit
server.ssl.key-store=/server.jks
server.ssl.key-store-type=jks
server.ssl.key-alias=server
Copy your server.jks file into the main folder of your project and change the password. Then run your server to test it.
Then open your Chrome browser and go to https://localhost:your-port-number and ignore the error, you can check your certificate in the below section. After the deployment of your application, the certificate will be valid.
I hope this tutorial was helpful. See you ✋.
