java – Enable HTTPS with self-signed certificate in Spring Boot 2.0 – Stack Overflow


4 DemoController

package com.javadeveloperzone.controller;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * Created by JavaDeveloperZone on 01-04-2021.
 */
@RestController
public class DemoController {

    // Once HTTPS is enabled in the application properties this endpoint is served
    // only over TLS; with client authentication switched on, the caller must also
    // present a certificate the server trusts.
    @RequestMapping(value = "/hello")
    public String hello() {
        return "This is secure call";
    }
}

5 Build and run the application

mvn spring-boot:run

CA root certificate

1# Create CA Root

openssl genrsa -des3 -out myCARoot.key 2048

You will be prompted for a passphrase, which I recommend not skipping and keeping safe. The passphrase prevents anyone who obtains your private key from issuing certificates under your root. The output should look like this; in this example the passphrase is simply "password", for testing only.

Generating RSA private key, 2048 bit long modulus
.................................................................
.....................................
e is 65537 (0x10001)
Enter pass phrase for myCARoot.key: password
Verifying - Enter pass phrase for myCARoot.key:password

2# Create CA Root Certificate

openssl req -x509 -new -nodes -key myCARoot.key -sha256 -days 3650 -out myCARoot.pem

You will be prompted for the passphrase of your private key ("password" here) and for a series of questions. The answers to those questions are not that important: they only show up when someone inspects the certificate, which you will almost never do. I suggest making the Common Name something you will recognize as your root certificate in a list of other certificates. That is really the only field that matters.
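The two steps above as one added shell script (not from the original page), with the prompts replaced by -passout/-passin and -subj, followed by three checks worth making before anything is told to trust the new root: the certificate is marked as a CA, it is self-signed, and the key file actually belongs to it. It assumes openssl is on PATH; the CA_PASS default and the Common Name are placeholders of this script's own.

```shell
#!/bin/sh
# Added example, not part of the original page: the CA root steps run without prompts,
# plus sanity checks on the result. Assumptions: openssl on PATH; CA_PASS is a placeholder
# passphrase (the page uses "password" for testing); the Common Name is our own choice.
set -eu

CA_PASS="${CA_PASS:-password}"

# Step 1: 2048-bit RSA key encrypted with 3DES; -passout replaces the interactive prompt.
make_ca_key() {
  openssl genrsa -des3 -passout "pass:$CA_PASS" -out "$1" 2048
}

# Step 2: self-signed root certificate valid 10 years; -subj replaces the questionnaire.
# Only the Common Name matters, since it is how the root is recognised in a list later.
make_ca_cert() {
  openssl req -x509 -new -key "$1" -passin "pass:$CA_PASS" -sha256 -days 3650 \
    -subj "/CN=My Dev Root CA" -out "$2"
}

# The certificate is flagged as a CA (basicConstraints CA:TRUE).
cert_is_ca() {
  openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Subject equals issuer, i.e. the root signed itself.
cert_is_self_signed() {
  subj=$(openssl x509 -in "$1" -noout -subject)
  iss=$(openssl x509 -in "$1" -noout -issuer)
  [ "${subj#subject=}" = "${iss#issuer=}" ]
}

# The private key really belongs to the certificate (same RSA modulus).
key_matches_cert() {
  kmod=$(openssl rsa -in "$1" -passin "pass:$CA_PASS" -noout -modulus)
  cmod=$(openssl x509 -in "$2" -noout -modulus)
  [ "$kmod" = "$cmod" ]
}

# SHA-256 fingerprint, to compare against what a browser shows after importing the root.
fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256
}

main() {
  d="${1:-.}"
  make_ca_key "$d/myCARoot.key"
  make_ca_cert "$d/myCARoot.key" "$d/myCARoot.pem"
  cert_is_self_signed "$d/myCARoot.pem"
  key_matches_cert "$d/myCARoot.key" "$d/myCARoot.pem"
  if cert_is_ca "$d/myCARoot.pem"; then
    echo "root certificate OK: CA:TRUE, self-signed, key matches"
  else
    echo "WARNING: no CA:TRUE basicConstraints; check x509_extensions in openssl.cnf" >&2
  fi
  fingerprint "$d/myCARoot.pem"
}

if command -v openssl >/dev/null 2>&1; then
  main "${1:-.}"
else
  echo "openssl not found" >&2
fi
```

Run it with an optional output directory as its only argument. If the CA:TRUE check prints its warning, the openssl.cnf in use did not add the usual v3_ca extensions to req -x509; regenerate the root with basicConstraints set before signing anything with it.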


Configure the client for 2-way SSL:

  1. Copy the Java keystore file into the client application's resources folder (src/main/resources).
  2. Add the following settings to the application's properties file (application.properties or application.yml).

Configure the controller in client-app:

Now we will create two endpoints in the client's controller class:

Here we created two methods; one of them calls the server controller using RestTemplate. The server's address, "msEndpoint", is defined in our application.yml file.

Configure the IDE to show the full handshake in its console:

To see the complete debug output, including all 12 handshake messages, in the IDE's console, follow these steps:

  1. Right-click on server-app and select "Run As" from the list.
  2. Open "Run Configurations" and click the "Arguments" tab.
  3. Add the following arguments under "VM arguments".

That's all; the complete debug output will now appear in the console.

Configure the server for 2-way SSL communication:

  1. Copy the Java keystore file into the server application's resources folder (src/main/resources).
  2. Add the following settings to the application's properties file (application.properties or application.yml).

Here we enabled SSL and made client authentication mandatory (client-auth), which is what turns one-way SSL into 2-way SSL; key-store-password is the password you entered when creating the server's .jks file.

Configure the server for 2-way SSL:

And that's pretty much it from the server side.

Create a self-signed client certificate

We will use the keytool command for this.

The last part of the keytool command, the SAN (Subject Alternative Name) extension, is critical: a self-signed certificate created without SAN entries won't be accepted by Chrome and Safari.


Create a self-signed server certificate:

Create a public certificate file from the client certificate:

Create a public certificate file from the client app certificate:

Now we will create the public certificate (.crt) from the client .jks file.

Create a public certificate file from the server app certificate:

Create the public certificate from the server .jks file.

Import the certificate into the browser:

The problem now is that we can't open these applications' URLs in the browser: the browser will complain about the certificate, because we configured the app for 2-way SSL, so we need to import our server's certificate into the browser.

Unfortunately the browser can't read a .jks file; it understands only the PKCS12 format, so we have to convert our .jks file to PKCS12. We can use "keytool" for this:

Here we converted the .jks file to .p12 format.

Now we will import this .p12 file into the browser so that the browser can present this certificate to our client application for authentication.
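The keystore procedure above (self-signed client and server certificates with SAN entries, the exported .crt files, the truststores, and the JKS-to-PKCS12 conversion), together with the server configuration step, the handshake-logging VM argument and a client call to the secure endpoint described earlier, as one added shell script. This is an added example, not the tutorial's own code: it assumes the JDK keytool, mvn and curl are on PATH, uses a placeholder password, and chooses its own aliases (server, client), file names and Common Names; the server.ssl.* keys it writes are standard Spring Boot properties rather than ones quoted on the page.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Assumptions: JDK keytool on PATH; the
# password is a placeholder for local testing; aliases, file names and CNs are our own.
set -eu

PASS="${KEYSTORE_PASS:-changeit}"   # placeholder, not the tutorial's real password

# Build keytool's SAN extension from a list of hosts: values made only of digits and dots
# are treated as IPv4 addresses (ip:), anything else as DNS names (dns:). Browsers such
# as Chrome and Safari reject a self-signed certificate that carries no SAN entry.
san_ext() {
  out=""
  for h in "$@"; do
    case "$h" in
      *[!0-9.]*) entry="dns:$h" ;;
      *)         entry="ip:$h" ;;
    esac
    out="${out:+$out,}$entry"
  done
  printf 'SAN=%s\n' "$out"
}

# Self-signed RSA key pair in a JKS keystore, with the SAN extension applied.
gen_keystore() {
  name="$1"; store="$2"; cn="$3"; shift 3
  keytool -genkeypair -alias "$name" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$cn, OU=dev, O=example, C=US" -ext "$(san_ext "$@")" \
    -storetype JKS -keystore "$store" -storepass "$PASS" -keypass "$PASS"
}
# Public certificate (.crt, PEM) exported from a keystore.
export_cert() {
  keytool -exportcert -rfc -alias "$1" -keystore "$2" -storepass "$PASS" -file "$3"
}
# Import a peer's public certificate into a truststore so that peer is trusted.
trust_cert() {
  keytool -importcert -noprompt -alias "$1" -file "$2" \
    -storetype JKS -keystore "$3" -storepass "$PASS"
}
# JKS -> PKCS12, the format browsers can import.
to_pkcs12() {
  keytool -importkeystore -srckeystore "$1" -srcstoretype JKS -srcstorepass "$PASS" \
    -destkeystore "$2" -deststoretype PKCS12 -deststorepass "$PASS"
}
# Does the certificate under this alias carry the given DNS name in its SAN?
has_san_dns() {
  keytool -list -v -keystore "$1" -storepass "$PASS" -alias "$2" | grep -q "DNSName: $3"
}

# Spring Boot server settings for 2-way SSL: HTTPS on, client certificate required
# (client-auth=need), keystore password as chosen when the keystore was created.
write_server_props() {
  cat > "$1" <<EOF
server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:server.jks
server.ssl.key-store-password=$PASS
server.ssl.key-store-type=JKS
server.ssl.key-alias=server
server.ssl.trust-store=classpath:server-truststore.jks
server.ssl.trust-store-password=$PASS
server.ssl.client-auth=need
EOF
}

# Start the server with JSSE handshake logging on the console (the IDE "VM arguments" step).
run_server_with_handshake_log() {
  mvn spring-boot:run -Dspring-boot.run.jvmArguments="-Djavax.net.debug=ssl:handshake"
}
# Call the secure endpoint as a 2-way SSL client: present client.p12, trust server.crt.
curl_hello() {
  curl --cert "$1/client.p12:$PASS" --cert-type P12 --cacert "$1/server.crt" \
    https://localhost:8443/hello
}

build_all() {
  d="$1"
  gen_keystore server "$d/server.jks" localhost localhost 127.0.0.1
  gen_keystore client "$d/client.jks" client-app localhost 127.0.0.1
  has_san_dns "$d/server.jks" server localhost          # fail early if SAN is missing
  export_cert server "$d/server.jks" "$d/server.crt"
  export_cert client "$d/client.jks" "$d/client.crt"
  trust_cert client "$d/client.crt" "$d/server-truststore.jks"  # server trusts the client
  trust_cert server "$d/server.crt" "$d/client-truststore.jks"  # client trusts the server
  to_pkcs12 "$d/client.jks" "$d/client.p12"                      # what the browser imports
  write_server_props "$d/application.properties"
}

if command -v keytool >/dev/null 2>&1; then
  build_all "${1:-.}"
else
  echo "keytool not found: install a JDK to generate the keystores" >&2
fi
```

Run it in an empty directory, copy server.jks, server-truststore.jks and application.properties into the server application's src/main/resources, start the server with run_server_with_handshake_log, and call curl_hello from the same directory: the server console then shows the 12 handshake messages the tutorial lists, and the browser can import client.p12 as described.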

Prerequisites

We can generate an SSL certificate ourselves (a self-signed certificate). It is intended for development and testing purposes only. In production, we should use a certificate issued by an official trusted Certificate Authority (CA).

In this tutorial, we're going to explore the following items:

Pre-requisites:

  1. Java 1.8
  2. Spring Boot 2.4.4
  3. Keytool (bundled with the JDK)

To implement 2-way SSL we will create two Spring Boot applications: a client application and a server application.

Process of 2-way SSL communication:

  1. Client sends ClientHello message proposing SSL options.
  2. Server responds with ServerHello message selecting the SSL options.
  3. Server sends Certificate message, which contains the server’s certificate.
  4. Server requests client’s certificate in CertificateRequest message, so that the connection can be mutually authenticated.
  5. Server concludes its part of the negotiation with ServerHelloDone message.
  6. Client responds with Certificate message, which contains the client’s certificate.
  7. Client sends session key information (encrypted with server’s public key) in ClientKeyExchange message.
  8. Client sends a CertificateVerify message, signed with its private key, to prove to the server that it owns the certificate it sent.
  9. Client sends ChangeCipherSpec message to activate the negotiated options for all future messages it will send.
  10. Client sends Finished message to let the server check the newly activated options.
  11. Server sends ChangeCipherSpec message to activate the negotiated options for all future messages it will send.
  12. Server sends Finished message to let the client check the newly activated options.

Steps to import the .p12 file into the Chrome browser:

  • Open Chrome's settings and go to the security section.
  • Click "Import", select the .p12 file, and import it into the browser.