Setting up HTTPS for your REST API With Boxfuse

Learn how to configure SSL in Spring Boot to secure a custom REST API.

In my last post I showed how easy it was to get your REST API based on the Spring Boot framework up and running on AWS with the help of Boxfuse. The next step is making use of SSL for the communication with the API. By using SSL, we make sure our data is safe during transport between our REST API server and the API client. To set up SSL for the Spring Boot application you have to perform the following two steps:

  • Create a keystore
  • Configure the Spring Boot application

Create the Keystore
The first step can be quite easy. Especially for development and testing purposes you can easily generate your own SSL certificate and keystore. There are lots of sites describing this. Basically, it is as simple as this:

 keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore keystore.jks -validity 3650

Add the generated keystore file to your application’s classpath by putting the file in your ‘src/main/resources’ folder.

For a professional/production SSL certificate you would best get one from a trusted Certificate Authority. Just google for ‘buy SSL certificate’ and you will get lots of options to choose from (I ran into this one which claims to generate certificates for free but I haven’t tried it yet). By using a self-signed certificate you will get warnings from your browser indicating the site you are going to visit might be unsafe.

Configure the Spring Boot application
The second step is to configure the Spring Boot application to make use of the keystore to set up SSL connections. To do this, add the following to the ‘application.yml’ file that you use to configure your Spring Boot application:

 server:
   port: 443
   ssl:
     key-store: classpath:keystore.jks
     key-store-password: tomcat   # the password entered at the keytool prompt
     key-alias: tomcat            # the -alias given to keytool

There are two things that need your attention here:

  • First the port 443. This works perfectly on the AWS instance that is created by Boxfuse. If I use this setup for my dev environment (VirtualBox instance) the port is forwarded to 10443 on the host. Not really a problem but good to know when testing the API locally.
  • The second property to give extra attention is the name you set for your keystore. I forgot to set the ‘classpath:’ part which makes the application look for the key-store in a ‘/app’ folder which I didn’t have. I am not sure where that is coming from but just note that you have to add ‘classpath:’ to the path if you deliver your key-store within your application.
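
A pre-flight check for the two steps above, as an added example that is not part of the original article: it reads the keystore path, password and alias from application.yml, confirms the ‘classpath:’ prefix and that the file exists in the resources folder, and, when keytool is installed, confirms the alias can be read with the configured password. The function names, the STOREPASS variable and the line-based YAML parsing are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of the SSL settings in application.yml.
# Assumes one key per line, as in the application.yml on this page.

# Print the value of the first matching key, without inline comment or quotes.
yml_value() {  # usage: yml_value <key-regex> <file>
  sed -n -E "s/^[[:space:]]*($1):[[:space:]]*//p" "$2" |
    sed -E 's/[[:space:]]+#.*$//' | tr -d "\"'" | head -n 1
}

check_ssl_config() {  # usage: check_ssl_config <application.yml> <resources-dir>
  local yml="$1" res="$2" store pass key_alias file
  store=$(yml_value 'key-store|keyStore' "$yml")
  pass=$(yml_value 'key-store-password|keyStorePassword' "$yml")
  key_alias=$(yml_value 'key-alias|keyAlias' "$yml")

  # Pitfall from the text: a keystore shipped in the jar needs 'classpath:'.
  case $store in
    classpath:*) file="$res/${store#classpath:}" ;;
    *) echo "key-store '$store' lacks the classpath: prefix" >&2; return 2 ;;
  esac
  [ -f "$file" ] || { echo "keystore not found: $file" >&2; return 3; }

  # Without keytool only the path checks above can run.
  command -v keytool >/dev/null 2>&1 ||
    { echo "keytool not on PATH, alias check skipped" >&2; return 0; }

  # Hand the password over via the environment, not the argument list.
  STOREPASS=$pass keytool -list -keystore "$file" \
      -storepass:env STOREPASS -alias "$key_alias" >/dev/null 2>&1 ||
    { echo "alias '$key_alias' not readable with the configured password" >&2; return 4; }
}

# Typical call from the project root:
#   check_ssl_config src/main/resources/application.yml src/main/resources
```

Return code 2 means the prefix is missing, 3 that the keystore file is not in the resources folder, and 4 that the alias or password in the YAML does not match the keystore.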

But wait… we forgot to configure Boxfuse for this! Well, we don’t need to because Boxfuse will use the same settings as Spring Boot and make sure the correct port is open in the security group for our server. So just run your application with Boxfuse and the REST API will now only be accessible over https.

Published at DZone with permission of Pascal Alma, DZone MVB. See the original article here.
