Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Setting up HTTPS for your REST API With Boxfuse

DZone's Guide to

Setting up HTTPS for your REST API With Boxfuse

Learn how to configure SSL in Spring Boot to secure a custom REST API.

· Web Dev Zone
Free Resource

Learn how to build modern digital experience apps with Crafter CMS. Download this eBook now. Brought to you in partnership with Crafter Software

In my last post I showed how easy it was to get your REST API based on Spring Boot framework up and running on AWS with the help of Boxfuse. The next step is making use of SSL for the communication with the API. By using SSL, we make sure our data is saved during the transport between our REST API server and the API client. To setup SSL for the Spring Boot application you have to perform the following two steps:

  • Create a keystore
  • Configure the Spring Boot application

Create the Keystore
 The first step can be quite easy. Especially for development and testing purposes you can easily generate your own SSL certificate and keystore. There are lots of sites describing this. Basically, it is as simple as this:

 keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore keystore.jks -validity 3650
 
Add the generated keystore file to your application’s classpath by putting the file in your ‘src/main/resources’ folder.

For a professional/production SSL certificate you would best get one from a trusted Certificate Authority. Just google for ‘buy SSL certificate‘ and you will get lots of options to choose from (I ran into this one which claims to generate certificates for free but I haven’t tried it yet). By using a self-signed certificate you will get warnings from your browser indicating the site you are going to visit might be unsafe.

Configure the Spring Boot application
 The second step is to configure the Spring Boot application to make use of the keystore to set up SSL connections. To do this add the following to your ‘application.yml’ file that you use to configure your Spring Boot application:

server:
 port: 443
 ssl:
 key-store: classpath:keystore.jks
 key-store-password: tomcat
 keyAlias: tomcat


There are two things that need your attention here:

  • First the port 443. This works perfectly on the AWS instance that is created by Boxfuse. If I use this setup for my dev environment (VirtualBox instance) the port is forwarded to 10443 on the host. Not really a problem but good to know when testing the API locally.
  • The second property to give extra attention is the name you set for your keystore. I forgot to set the ‘classpath:’ part which makes the application look for the key-store in a ‘/app’ folder which I didn’t have. I am not sure where that is coming from but just note that you have to add ‘classpath:’ to the path if you deliver your key-store within your application.

But wait… we forgot to configure Boxfuse for this! Well, we don’t need to because Boxfuse will use the same settings as Spring Boot and make sure the correct port is open in the security group for our server. So just run your application with Boxfuse and the REST API will now only be accessible over https:
 Screenshot at Apr 30 14-16-03

Crafter is a modern CMS platform for building modern websites and content-rich digital experiences. Download this eBook now. Brought to you in partnership with Crafter Software.

Topics:
certificate ,spring ,boot ,ssl ,rest api ,rest ,keystore ,api

Published at DZone with permission of Pascal Alma. See the original article here.

Opinions expressed by DZone contributors are their own.

THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}