Enable HTTPS for Spring Boot App by Spring SSL Bundles + OpenSSL (Self-Signed Certificate)
- Published on 31 Mar 2024
- In this video, we're going to enable HTTPS for our Spring Boot application using SSL Bundles, introduced in Spring Boot 3.1. We're also testing the SSL hot reload feature from Spring Boot 3.2, which watches those SSL files for changes and rotates the certificate without a restart.
Github: github.com/nlinhvu/spring-boo...
You Might Already Know Series: • You Might Already Know
References:
Old SSL Mechanism: docs.spring.io/spring-boot/do...
Spring Official Documentation - SSL: docs.spring.io/spring-boot/do...
Securing Spring Boot Applications With SSL: spring.io/blog/2023/06/07/sec...
SSL hot reload in Spring Boot 3.2.0: spring.io/blog/2023/11/07/ssl...
Category: Science & Technology
Great content! Is there a way to get the certificate and private key from properties as plain text for production?
You can refer to the first tip: docs.spring.io/spring-boot/reference/features/ssl.html
Another great content dude. 💯
Thanks dude for encouraging 😉!
I use Maven, and got the error "PBE parameter parsing error: expecting the object identifier for AES cipher" when setting private-key-password. Do you know how to fix it?
I haven't encountered this error, and the official openssl documentation also doesn't clearly specify which default symmetric encryption (AES, DES) is used to encrypt the private key. So let's divide the one-line openssl command above into smaller steps, to create an AES-encrypted key first and then generate a certificate with it:
openssl genrsa -out server_rsa.key 2048
openssl pkcs8 -topk8 -inform PEM -in server_rsa.key -outform PEM -out server.key -v2 aes-256-cbc -passout pass:123456
openssl req -new -key server.key -out server.csr -subj "/CN=localhost" -passin pass:123456
openssl x509 -req -in server.csr -days 365 -sha256 -signkey server.key -out server.crt -passin pass:123456
After running these 4 commands, you will end up with server.key and server.crt, which are needed in the yaml file.
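The four-step procedure from the reply above, wrapped into a script with two checks a practitioner would want before pointing a Spring SSL bundle at the files: that server.key really is a PKCS#8 blob encrypted with AES-256-CBC (the OID the Java PBE parser in the error message expects), and that server.crt matches that key. This is an added example, not code from the video or its repository; the password "123456" and CN=localhost are the thread's sample values, and the output directory name is an assumption.

```shell
#!/bin/sh
# Added example (not from the video/repo). Generates an AES-256-CBC encrypted
# PKCS#8 private key plus a self-signed certificate, then verifies both.
set -eu

# Create server.key (encrypted PKCS#8) and server.crt (self-signed) in $1,
# using password $2. The plaintext RSA key and the CSR are removed afterwards.
gen_self_signed() {
  dir="$1"; pass="$2"
  mkdir -p "$dir"
  openssl genrsa -out "$dir/server_rsa.key" 2048 2>/dev/null
  # -v2 aes-256-cbc selects PBES2 with AES; DES-based PBE schemes would
  # trigger the "expecting the object identifier for AES cipher" error.
  openssl pkcs8 -topk8 -inform PEM -in "$dir/server_rsa.key" -outform PEM \
    -out "$dir/server.key" -v2 aes-256-cbc -passout "pass:$pass"
  openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
    -subj "/CN=localhost" -passin "pass:$pass"
  openssl x509 -req -in "$dir/server.csr" -days 365 -sha256 \
    -signkey "$dir/server.key" -out "$dir/server.crt" -passin "pass:$pass" 2>/dev/null
  rm -f "$dir/server_rsa.key" "$dir/server.csr"
}

# Succeeds when $1/server.key is an encrypted PKCS#8 key whose PBES2 cipher
# OID is aes-256-cbc (asn1parse prints the OID's short name).
key_is_aes_pkcs8() {
  grep -q "BEGIN ENCRYPTED PRIVATE KEY" "$1/server.key" &&
  openssl asn1parse -in "$1/server.key" | grep -q "aes-256-cbc"
}

# Succeeds when the public key inside $1/server.crt equals the public key
# derived from $1/server.key (decrypted with password $2).
cert_matches_key() {
  k=$(openssl pkey -in "$1/server.key" -passin "pass:$2" -pubout 2>/dev/null)
  c=$(openssl x509 -in "$1/server.crt" -noout -pubkey)
  [ "$k" = "$c" ]
}

# Usage: sh make-cert.sh certs 123456
if [ $# -eq 2 ]; then
  gen_self_signed "$1" "$2" && key_is_aes_pkcs8 "$1" && cert_matches_key "$1" "$2" \
    && echo "ok: $1/server.key (AES-256-CBC PKCS#8) and $1/server.crt are ready"
fi
```

Point spring.ssl.bundle.pem.<name>.keystore.certificate / private-key / private-key-password at the two files (and the password) the script produces.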
That's a self-signed certificate, useless for production. You should make a video on the proper way to do it. 👍
Thanks, you could be right; some internal services running in an internal network might be potential use-cases.