Java Connector
Java Connector
Java Connector
Concepts
Feature Summary
Terminology
Account Model
Packet Switching Fabric
Exchange Rates
Routing Table Design
Destination Address Handling
Balance Tracking
Settlement
Connector Configuration
Connector Configuration Properties
Persistence Initialization
Local STREAM Packet Termination
Connector Operation
Running with Docker
Peering: ILP-over-HTTP
Settlement: XRP Ledger
Running on GCP
Security Guide
Connector Crypto
test-jwt.io
Generating Keys
Spring Boot with TLS
API References
Admin API
Tutorials
ILP TestNet: Getting Started
Contributing
Connector Development
Project Testing
Releases
Changelog
Powered by GitBook

Spring Boot with TLS

Note: These steps were taken from Secure Spring Boot Applications with TLS and HTTP/2. All Keys and CAs in these folders are provided for example purposes only and SHOULD not be used for any production purposes other than demonstrating capabilities.

Setting up a private Certificate Authority (CA)

Certificate for Root CA

keytool -genkeypair -storetype pkcs12 -keyalg RSA -keysize 3072 -alias root-ca \
-dname "CN=My Root CA,OU=Development,O=My Organization,C=DE" \
-ext BC:c=ca:true -ext KU=keyCertSign -validity 3650 \
-keystore ./root-ca/ca.jks -storepass secret -keypass secret
keytool -exportcert -keystore ./root-ca/ca.jks -storepass secret \
-alias root-ca -rfc -file ./root-ca/ca.pem

Signed Server Certificate

keytool -genkeypair -storetype pkcs12 -keyalg RSA -keysize 3072 \
-alias localhost -dname "CN=localhost,OU=Development,O=My Organization,C=DE" \
-ext BC:c=ca:false -ext EKU:c=serverAuth -ext "SAN:c=DNS:localhost,IP:127.0.0.1" \
-validity 3650 -keystore ./server/server.jks -storepass secret -keypass secret
keytool -certreq -keystore ./server/server.jks -storepass secret \
-alias localhost -keypass secret -file ./server/server.csr
keytool -gencert -storetype pkcs12 -keystore ./root-ca/ca.jks -storepass secret \
 -infile ./server/server.csr -alias root-ca -keypass secret \
 -ext BC:c=ca:false -ext EKU:c=serverAuth -ext "SAN:c=DNS:localhost,IP:127.0.0.1" \
 -validity 3650 -rfc -outfile ./server/server.pem
keytool -importcert -noprompt -keystore ./server/server.jks -storepass secret -alias root-ca -keypass secret -file ./root-ca/ca.pem \
keytool -importcert -noprompt -keystore ./server/server.jks -storepass secret -alias localhost -keypass secret -file ./server/server.pem

Configure TLS in Spring Boot

To enable TLS put the following entries into your application.properties file.

server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:tls/server/server.jks
server.ssl.key-store-type=PKCS12
server.ssl.key-store-password=secret
server.ssl.key-alias=localhost
server.ssl.key-password=secret

With these property entries you will change the following behavior:

  • The application is started on port 8443 instead of port 8080 (by convention this is the usual port for HTTPS connections).

  • Use our new java key store server.jks which is of type PKCS12 and is opened with given store password

  • Define the alias of public/private key to use for the server certificate with corresponding key password

Important: Please do not forget to copy the java key store file server.jks you have created in previous section into the src/main/resource folder of the new spring boot application.

Security Guide - Previous
Generating Keys
Next - API References
Admin API
Last updated 10 months ago
Edit on GitHub
Contents
Setting up a private Certificate Authority (CA)
Certificate for Root CA
Signed Server Certificate
Configure TLS in Spring Boot