How to configure truststore at springboot

-
In this tutorial, we would like to setup a truststore in our springboot application. To support https in SpringBoot, we need to generate self-signed certificate by java keytool. I assume that a springboot application is ready. We are going to focus on keystore and truststore configuration.

In this step, we as a server. We need to generate a java keystore by keytool.
keytool -genkey -keyalg RSA -alias dataflow -keystore dataflow.jks -keypass dataflow -storepass dataflow -validity 365 -keysize 4096 -dname "CN=localhost, OU=spring"
if we run our application at local environment, CN set to localhost. eg. CN=localhost.

Now, we as a client. We want to generate client certificate. We named the keystore as client_keystore. The step is similar the step on top. 
keytool -genkey -keyalg RSA -alias client -keystore client_keystore.jks -keypass password -storepass password -validity 365 -keysize 4096 -dname "CN=user, OU=spring"

After that, We would like to convert keystore type from JKS to PCKS12 .
keytool -importkeystore -srckeystore client_keystore.jks -destkeystore client.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass password -deststorepass 123456 -destkeypass 123456 -srcalias client -destalias client

Generate certificate
keytool -export -keystore client_keystore.jks -alias client -file client.der -storepass password

Import certificate into truststore.jks
keytool -import -file client.der -alias client -keystore truststore.jks -storepass 123456 -noprompt

For safety, remove the client_keystore.jks and client.der
# rm client_keystore.jks client.der


Now, let us configure application.yml. The parameter client-auth can be set to 'need' or 'want'
server:
  port: 8443
  ssl:
    enabled: true
    key-alias: dataflow
    key-store: /home/nicklim/tmp/keystore_tutorial/dataflow.jks
    key-store-type: jks
    key-store-password: dataflow
    key-password: dataflow
    trust-store: /home/nicklim/tmp/keystore_tutorial/truststore.jks
    trust-store-password: 123456
    trust-store-type: jks
    client-auth: need


Import key into chrome
Click Settings -> Advanced -> Privacy and security -> Manage Certificates. Import the client.p12 into Chrome.

You are able to run https://localhost:8443/test1 on chrome browser. Select the certificate which you have imported.

Finally, we are able to get the response from our server app.
Location: Malaysia

Comments

Post a Comment

Popular posts from this blog

How to Generate Contour Lines with QGIS – Step-by-Step Guide

-
Image
  Introduction Creating contour lines has always been a recurring task in my projects, QGIS stands out as an excellence choice. As a free and open-source software, QGIS combines ease of use with robust capabilities, making it a go-to solution for geospatial analysis. In this post, I'll guide you through the process of generating contour lines using QGIS, sharing tips and ticks I've picked up along the way to streamline the workflow and ensure precision. Step 1: Add a DEM TIFF To begin generating contour lines in QGIS, the first step is to load your Digital Elevation Model (DEM) file, typically in TIFF format. Here's how: 1.  Open QGIS : Launch the QGIS application on your system. 2. Add Raster Layer : Navigate to the Layer menu at the top. Select Add Layer > Add Raster Layer . Alternatively, you can click the Add Raster Layer  icon in the toolbar. 3. Locate Your DEM File : In the file browser, find your DEM file (eg., .tiff) and click Open . 4. View the DEM : Your DEM
Read more