How to enable HTTPS using GoDaddy SSL in a Spring Boot application, deployed as WAR file in Tomcat

Time:02-02

I have a Spring Boot application, deployed as a WAR file in Tomcat at GoDaddy. Now I need to enable HTTPS on it. I have installed SSL on our domain and HTTPS is working on it. DNS and SSL certificates are managed by GoDaddy. I have already downloaded the certificate for Tomcat, which contains the files 'randomhex.crt', 'randomhex.pem', 'gd_bundle-g2-g1.crt' and 'gdig2.crt.pem', and then I generated 'keystore.jks' and 'keystore.p12' from these files using the commands below.

Step 1:

"keytool -import -trustcacerts -alias intermediate -file gd_bundle-g2-g1.crt -keystore keystore.jks"  using password as 'password1'

Step 2:

"keytool -import -trustcacerts -alias 'alias1' -file e1......7.crt -keystore keystore.jks"  using password as 'password1'

Step 3:

"keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -srcstoretype JKS -deststoretype PKCS12 -deststorepass 'password2' -srcalias 'alias1' -destalias 'alias2'"   using password as 'password1'

I know I now need to add this 'keystore.p12' file to my Spring Boot project's 'resource' folder and set the SSL properties below, but I am not sure what values to set based on the commands above. Please help me set the values for the following:

server:
  ssl:
    key-store: classpath:keystore.p12
    key-store-password: ?
    key-store-type: ?
    key-alias: ?
    key-password: ?
    enabled: true
  port: ?

Also, do I need to do anything on my Tomcat server to make HTTPS work for this Spring Boot project?

CodePudding user response:

Try this for Spring Boot:

server:
  ssl:
    key-store: classpath:keystore.p12
    key-store-password: password2
    key-store-type: PKCS12
    key-alias: alias2
    enabled: true
  port: 443

It does not look like a key-password is set. Try leaving it out & try 'changeit' (the default for jks).

For TOMCAT it needs to be set in $TOMCAT_HOME/conf/server.xml - one of the connectors:

<Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="path/to/keystore.p12" keystorePass="password2" keyAlias="alias2"
           clientAuth="false" sslProtocol="TLS"/>

CodePudding user response:

Finally I found the solution. No need to configure SSL on Spring Boot. Just configure HTTPS on Tomcat and then HTTPS will work on your project. To configure HTTPS on Tomcat you need to generate a keystore file (normally in .jks or .p12 format) using the sslcert.crt (randomhex.crt), sslkey.key and sslCA.crt (gd_bundle-g2-g1.crt) files, as shown below:

Go to '/opt/apache-tomcat/conf/' on your server and put the files mentioned above and below there.

openssl pkcs12 -export -in mycert.crt -inkey mykey.key -out mycert.p12 -name tomcat -CAfile myCA.crt -caname root -chain

Here

'mycert.crt' -> your randomhex.crt file,

'mykey.key' -> SSL key file from godaddy,

'myCA.crt' -> gd_bundle-g2-g1.crt ,

'mycert.p12' -> Name of the keystore file you want to generate.

You should be asked for a password when running the above command; remember that password to configure the Tomcat server.xml file.

Now open server.xml in the Tomcat conf folder in edit mode and add the connector below. After that, save the changes, exit and restart Tomcat, and HTTPS will start working on your project.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" compression="on"
           scheme="https" secure="true"
           keystoreFile="conf/mycert.p12" keystorePass="password"
           SSLVerifyClient="none" SSLProtocol="TLSv1.2" />

Don't forget to add port 8443 to your Spring Boot 'application.yml':

server:
   port: 8443
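
A keystore that Tomcat serves TLS from has to hold the private key together with the certificate chain, which is what the openssl export in the answer above packages. The script below is an added example, not code from the thread: it checks a .p12 file for that before it goes into server.xml, and the function names, the throwaway CA and the password `demo-pass` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. Requires the openssl CLI.
# check_p12 FILE PASSWORD: succeeds only if FILE opens with PASSWORD, holds a
# private key, and that key matches the leaf certificate stored with it.
check_p12() {
    p12=$1; pass=$2
    # A wrong password or damaged file fails the MAC check here.
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -noout 2>/dev/null || {
        echo "FAIL: cannot open keystore with this password"; return 1; }
    # Public key derived from the stored private key (empty if none is stored).
    key_pub=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || key_pub=
    [ -n "$key_pub" ] || { echo "FAIL: no private key entry (certificates only)"; return 1; }
    # Public key of the leaf certificate in the same file.
    crt_pub=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) || crt_pub=
    [ "$key_pub" = "$crt_pub" ] || { echo "FAIL: key does not match certificate"; return 1; }
    echo "OK: private key matches leaf certificate"
}

# Constructed sample input: a throwaway CA and leaf, packaged with the export
# command from the answer above (file names follow that answer).
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/myCA.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
        -keyout "$d/mykey.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/myCA.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/mycert.crt" 2>/dev/null
    openssl pkcs12 -export -in "$d/mycert.crt" -inkey "$d/mykey.key" -name tomcat \
        -CAfile "$d/myCA.crt" -caname root -chain \
        -out "$d/mycert.p12" -passout pass:demo-pass
    # Certificate-only keystore: what results when no private key is packaged.
    openssl pkcs12 -export -nokeys -in "$d/mycert.crt" \
        -out "$d/certonly.p12" -passout pass:demo-pass
}

tmp=$(mktemp -d) && make_demo "$tmp"
check_p12 "$tmp/mycert.p12" demo-pass
check_p12 "$tmp/certonly.p12" demo-pass || true   # expected to fail: no key inside
rm -rf "$tmp"
```

Run `check_p12` against the real keystore with the password given at export time; the same password is the one Tomcat needs in `keystorePass`.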