A Spring Boot HTTPS Server Template

by immontilla

Tomcat SSL/TLS configuration is a non-difficult task to do in Spring Boot. You just need to generate a self-signed certificate and add its references in the src/main/resources/application.properties file.

Note
This template is valid only to serve static content. If you are planning to expose some kind of API, please read this post instead.

This is how it goes...

Spring Boot

Let's create a Spring Boot starter project with curl. Open a terminal and run:

mkdir spring-boot-https-server && cd spring-boot-https-server && curl -s https://start.spring.io/starter.tgz -d style=web -d packaging=war -d groupId=eu.immontilla.poc -d artifactId=https-server -d name=https-server -d description="HTTPS Spring Boot Server" -d applicationName=App | tar -xzvf -

Certificate generation

Let's use Java keytool to generate a 1 year valid self-signed certificate at src/main/resources folder by running:

cd src/main/resources && keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore key.p12 -validity 365

Important:

  • Don't forget the password you set.

src/main/resources/application.properties

Edit as:

server.port: 8443
server.ssl.key-store: classpath:key.p12
server.ssl.key-store-password: ********
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: tomcat

where:
*server.port is the port your https server will be listening on.

*server.ssl.key-store is the path where the certificate file is (classpath:) followed by the filename.

  • server.ssl.keyStoreType and server.ssl.keyAlias are the options we set in the keytool command whereas server.ssl.key-store-password is the password you assigned to the certificate.

Before building...

Add a simple controller and a simple HTML file to the project. Otherwise, you will see no more than an ugly whitelabel error page.

src/main/java/eu/immontilla/poc/httpserver/HomeController.java

package eu.immontilla.poc.httpsserver;

import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class HomeController {
    @RequestMapping(value = "/", method = RequestMethod.GET, produces = MediaType.TEXT_HTML_VALUE)
    public String index() {
        return "index.html";
    }
}

src/main/resources/static/index.html

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>HTTPS Spring Boot Server</title>
</head>
<body>
	<p>Hello HTTPS World!</p>
</body>
</html>

Run

mvn clean spring-boot:run

Finally, open your browser at https://localhost:8443/

You will see a security warning because you are using a self-signed certificate, you can skip it. If you won't see a security warning, please update your web browser as soon as you can.

The source code is available at https://github.com/immontilla/spring-boot-https-server/tree/old

Conclusions

  • This starter template must be used only on development environments.
  • Do not use self-signed certificates in Production environment or Internet.
  • On the Internet, Let's Encrypt is a valid CA (Certificate Authority). Use it!