I remember my experience with keytool; its usage seemed quite convoluted to me. It's cool that establishing SSL can now be done much easier and faster. Thank you for this great tutorial.
I killed 4 DAYS (!) on this SSL and HTTPS, and here, in 12 minutes, a video with 20 likes explained it to me in three lines, in plain Russian.
100 karma points to you, my friend
Thank you!!! I'm very glad it helped someone :)
I got .ca_bundle, .crt, private_key.key and one .csr file from the vendor. How should I configure this?
So if I understand it correctly, the private key is bundled with the application. How secure is it to provide it like that? Or maybe I misunderstand how this works?
Thank you for the question, Florini!
Yes, indeed, you're right, and it's not cool to store a private key within the application itself, especially in the resources folder in the repository. It may be fine just for local or dev environments.
Anyway, the application has to have access to the private key. So you can specify an absolute path to some secured place, like ```server.ssl.certificate-private-key: /root/certs/not_accessible_for_devs.key``` on the production server.
I don't see a big difference in security between storing the private key itself and using jks, because even in the case of jks, the password to the key store has to be provided. And if someone knows it, it is not a problem to read a key pair from it.
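A pre-start check in the spirit of the reply above, as an added example that is not part of the original comments or the tutorial: it rejects a private key that sits inside the application directory or is accessible to group or other users. The function name, return codes and example paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the video or the comments): pre-start check for the
# file named by server.ssl.certificate-private-key.
# Function name, return codes and example paths are assumptions.

# check_private_key KEY_PATH APP_DIR
# Returns 0 when the key is acceptable; otherwise prints a reason and returns:
#   2 bad arguments, 3 relative path, 4 symlink, 5 missing,
#   6 key inside the application directory, 7 accessible to group/other
check_private_key() {
    key=$1
    app_dir=$2

    if [ -z "$key" ] || [ ! -d "$app_dir" ]; then
        echo "usage: check_private_key KEY_PATH APP_DIR" >&2; return 2
    fi
    case $key in
        /*) ;;
        *) echo "key path must be absolute: $key" >&2; return 3 ;;
    esac
    if [ -L "$key" ]; then
        echo "key path is a symlink: $key" >&2; return 4
    fi
    if [ ! -f "$key" ]; then
        echo "key is missing or not a regular file: $key" >&2; return 5
    fi

    # Resolve both directories so ../ or symlinked parents cannot hide a key
    # that really lives in the deployed app (e.g. src/main/resources).
    key_dir=$(cd "$(dirname "$key")" && pwd -P) || return 5
    app_real=$(cd "$app_dir" && pwd -P) || return 2
    case "$key_dir/" in
        "$app_real"/*) echo "key is inside the application directory" >&2; return 6 ;;
    esac

    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "key is accessible to group or other; chmod 600 it" >&2; return 7
    fi
    return 0
}

# Example call before starting the service (hypothetical paths):
#   check_private_key /etc/myapp/tls/server.key /opt/myapp || exit 1
```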
When we deploy to the server, how will we implement it then?