{{announcement.body}}
{{announcement.title}}

How to Enable HTTPS on a Spring Boot Application

DZone 's Guide to

How to Enable HTTPS on a Spring Boot Application

In this article, see a tutorial on how to enable HTTPS on a Spring Boot application.

· Java Zone ·
Free Resource

HTTPS is a secure version of HTTP designed to provide Transport Layer Security (TLS) [the successor to Secure Sockets Layer (SSL)], the padlock icon in the address bar that establishes an encrypted connection between a web server and a browser. HTTPS encrypts every data packet to transmit in a secure way and protects sensitive data from an eavesdropper or hacker.

You can implement HTTPS by installing the SSL certificates on your web application. You can use either certificate issued by trusted Certificate Authorities (CA) or Self-Signed Certificate.

For development and learning purposes, you could use the Self-Signed Certificate. You would generate the Self Signed Certificate by using the Java Keytool.

Self-Signed Certificate

You can generate the certificates by using Keytool located under the JDK bin folder. For example, C:\Program Files\Java\jdk1.8.0_161\bin. There are two Self-Signed Certificates that are available, as shown below.

  1. JKS(Java Key Store) is easy to access from your own Java apps. JKS is limited only to Java and not accessible from outside Java.
  2. PKCS12: Public Key Cryptographic Standards, on the other hand, are a language-neutral way to store encrypted private keys and certificates and have been around long enough that it's supported just about everywhere.

You might also like: All About Spring Boot [Tutorials and Articles]

How to Generate Self-Signed Certificate

Type cmd in the search field in windows to locate the Command Prompt and right-click by Run as administrator. Use the keytool command as below. You could mention the certificate name that you want, shown below.

C:\Program Files\Java\jdk1.8.0_161\bin>

keytool -genkeypair -alias selfsigned_localhost_sslserver -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore ebininfosoft-ssl-key.p12 -validity 3650

The self-signed certificate is protected by password. Enter the password and other details as shown on the below screenshot.


Once you've followed the above steps, the PKS key is created and stored under the JDK Bin folder.

Applying the SSL to Spring Boot Application

  1. Copy the ebininfosoft-ssl-key from the JDK bin folder and place it under the src/main/resources on your Spring Boot Application.
  2. Add the SSL Key information into application.properties as shown below.
Java

POM.XML

Below is the POM.xml that I used to specify the Spring Boot dependency.

XML


Controller

The simple HomeController used to demonstrate the HTTPS Get request for your reference.

Java


If you hit the Rest Endpoint (http://localhost:8080/home/) without HTTPS, you would get the below message in the browser.

"Bad Request"

This combination of host and port requires TLS.

If you hit the URL with HTTPS (https://localhost:8080/home/), you would get the response as below.

"Welcome to Spring Boot application."

I have placed the Source code for HTTPS spring boot along with CRUD operation using H2 in GitHub. Please refer the Java code from GitHub https://github.com/ebinezargnan/Billing

Further Reading

Building Your First Spring Boot Web Application

How to Enable HTTP/HTTPS on Spring Boot [Snippet]

Topics:
java ,spring ,spring boot ,spring boot 2.2 ,tutorial

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}