Enable HTTPS in spring boot 2.0 with self-signed certificate


Nguyen Minh Thuan:

I'm following this tutorial using a self-signed certificate and enabling HTTPS in Spring Boot 2.0 just for testing purposes. In summary, the tutorial includes the following steps:

1. Generate a keystore using keytool.

keytool -genkey -alias tomcat \
 -storetype PKCS12 -keyalg RSA -keysize 2048 \
 -keystore keystore.p12 -validity 3650

2. Enable HTTPS in Spring Boot by adding some properties in the application.properties file.

server.port: 8443
server.ssl.key-store: keystore.p12
server.ssl.key-store-password: mypassword
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: tomcat

3. Redirect HTTP to HTTPS (optional). I ignored this part.

But when I start my application, I get these errors:

org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-8443]]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:255) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:300) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:162) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:552) [spring-context-5.0.4.RELEASE.jar:5.0.4.RELEASE]
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:752) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:388) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:327) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1246) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1234) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at epic.gwdg.restgraph.RestgraphApplication.main(RestgraphApplication.java:10) [classes/:na]
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:1021) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    ... 13 common frames omitted
Caused by: java.lang.IllegalArgumentException: Private key must be accompanied by certificate chain
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1150) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:591) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:1018) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    ... 14 common frames omitted
Caused by: java.lang.IllegalArgumentException: Private key must be accompanied by certificate chain
    at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1170) ~[na:na]
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:257) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    ... 19 common frames omitted

2018-03-16 16:42:30.917  INFO 970 --- [           main] o.apache.catalina.core.StandardService   : Stopping service [Tomcat]
2018-03-16 16:42:30.931  INFO 970 --- [           main] ConditionEvaluationReportLoggingListener : 

Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2018-03-16 16:42:30.933 ERROR 970 --- [           main] o.s.b.d.LoggingFailureAnalysisReporter   : 

***************************
APPLICATION FAILED TO START
***************************

Description:

The Tomcat connector configured to listen on port 8443 failed to start. The port may already be in use or the connector may be misconfigured.

Action:

Verify the connector's configuration, identify and stop any process that's listening on port 8443, or configure this application to listen on another port.

2018-03-16 16:42:30.934  INFO 970 --- [           main] ConfigServletWebServerApplicationContext : Closing org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@58ce9668: startup date [Fri Mar 16 16:42:26 CET 2018]; root of context hierarchy
2018-03-16 16:42:30.936  INFO 970 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Unregistering JMX-exposed beans on shutdown

Process finished with exit code 1

Basically, the information is:

The private key must be accompanied by a certificate chain.

This is a self-signed certificate, so, of course, it doesn't have a chain of trust. How can I fix this problem?

Here is my current application.properties file:

server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-password=123456
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=tomcat

Thank you very much for your help.

e2rabi:

The problem is that your keystore doesn't contain a key pair. That's because you used the option -genkey; you need the option -genkeypair instead, otherwise you don't have the private key:

-genkey generates a key, while -genkeypair generates a key pair (public and private key).

So I think this should work:

keytool -genkeypair -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048  -keystore keystore.p12 -validity 3650

In the Spring Boot config, replace ":" with "=" and add the path to your keystore; I think your keystore.p12 is in your resources folder:

server.ssl.key-store = classpath:keystore.p12
server.ssl.key-store-password = mypassword
server.ssl.key-store-type = PKCS12
server.ssl.key-alias = tomcat
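
A way to confirm what the keystore actually holds for the tomcat alias, given here as an added example that is not part of the original answer: the function reads `keytool -list -v` output and checks the entry type and chain length that the "Private key must be accompanied by certificate chain" error is about. The function names and the sample listings are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Reads `keytool -list -v` output
# for one alias on stdin and returns 0 only if that alias is a PrivateKeyEntry
# with at least one certificate in its chain.
check_keystore_entry() {
  awk '
    /^Entry type:/               { type = $3 }
    /^Certificate chain length:/ { chain = $4 + 0 }
    /^Owner:/  && owner == ""    { sub(/^Owner: */, "");  owner = $0 }
    /^Issuer:/ && issuer == ""   { sub(/^Issuer: */, ""); issuer = $0 }
    END {
      if (type != "PrivateKeyEntry") {
        print "FAIL: entry type is " (type == "" ? "missing" : type); exit 1
      }
      if (chain < 1) { print "FAIL: private key has no certificate chain"; exit 1 }
      self = (owner != "" && owner == issuer) ? "self-signed" : "not self-signed"
      print "OK: PrivateKeyEntry, chain length " chain ", " self
    }'
}

# Constructed sample listings (not real keytool captures).
sample_good_listing() {
cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, OU=Test, O=Example, C=DE
Issuer: CN=localhost, OU=Test, O=Example, C=DE
EOF
}

sample_cert_only_listing() {
cat <<'EOF'
Alias name: tomcat
Entry type: trustedCertEntry
Owner: CN=localhost, OU=Test, O=Example, C=DE
Issuer: CN=localhost, OU=Test, O=Example, C=DE
EOF
}

sample_good_listing | check_keystore_entry
sample_cert_only_listing | check_keystore_entry || true

# Against the real file from the question (keytool asks for the store password):
#   keytool -list -v -keystore keystore.p12 -storetype PKCS12 -alias tomcat | check_keystore_entry
```

A self-signed certificate still counts as a chain of length 1, so a correctly generated keystore passes this check.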
