Java Connector
  • Java Connector
  • Concepts
    • Feature Summary
    • Terminology
    • Account Model
    • Packet Switching Fabric
    • Exchange Rates
    • Routing Table Design
    • Destination Address Handling
    • Balance Tracking
    • Settlement
  • Connector Configuration
  • Connector Configuration Properties
  • Persistence Initialization
  • Local STREAM Packet Termination
  • Connector Operation
  • Running with Docker
  • Peering: ILP-over-HTTP
  • Settlement: XRP Ledger
  • Running on GCP
  • Security Guide
    • Connector Crypto
    • test-jwt.io
    • Generating Keys
    • Spring Boot with TLS
  • API References
    • Admin API
  • Tutorials
    • ILP TestNet: Getting Started
  • Contributing
    • Connector Development
    • Project Testing
  • Releases
    • Changelog
Powered by GitBook
On this page
  • Setting up a private Certificate Authority (CA)
  • Certificate for Root CA
  • Signed Server Certificate
  • Configure TLS in Spring Boot

Was this helpful?

  1. Security Guide

Spring Boot with TLS

PreviousGenerating KeysNextAdmin API

Last updated 5 years ago

Was this helpful?

Note: These steps were taken from . All Keys and CAs in these folders are provided for example purposes only and SHOULD not be used for any production purposes other than demonstrating capabilities.

Setting up a private Certificate Authority (CA)

Certificate for Root CA

keytool -genkeypair -storetype pkcs12 -keyalg RSA -keysize 3072 -alias root-ca \
-dname "CN=My Root CA,OU=Development,O=My Organization,C=DE" \
-ext BC:c=ca:true -ext KU=keyCertSign -validity 3650 \
-keystore ./root-ca/ca.jks -storepass secret -keypass secret
keytool -exportcert -keystore ./root-ca/ca.jks -storepass secret \
-alias root-ca -rfc -file ./root-ca/ca.pem

Signed Server Certificate

keytool -genkeypair -storetype pkcs12 -keyalg RSA -keysize 3072 \
-alias localhost -dname "CN=localhost,OU=Development,O=My Organization,C=DE" \
-ext BC:c=ca:false -ext EKU:c=serverAuth -ext "SAN:c=DNS:localhost,IP:127.0.0.1" \
-validity 3650 -keystore ./server/server.jks -storepass secret -keypass secret
keytool -certreq -keystore ./server/server.jks -storepass secret \
-alias localhost -keypass secret -file ./server/server.csr
keytool -gencert -storetype pkcs12 -keystore ./root-ca/ca.jks -storepass secret \
 -infile ./server/server.csr -alias root-ca -keypass secret \
 -ext BC:c=ca:false -ext EKU:c=serverAuth -ext "SAN:c=DNS:localhost,IP:127.0.0.1" \
 -validity 3650 -rfc -outfile ./server/server.pem
keytool -importcert -noprompt -keystore ./server/server.jks -storepass secret -alias root-ca -keypass secret -file ./root-ca/ca.pem \
keytool -importcert -noprompt -keystore ./server/server.jks -storepass secret -alias localhost -keypass secret -file ./server/server.pem

Configure TLS in Spring Boot

To enable TLS put the following entries into your application.properties file.

server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:tls/server/server.jks
server.ssl.key-store-type=PKCS12
server.ssl.key-store-password=secret
server.ssl.key-alias=localhost
server.ssl.key-password=secret

With these property entries you will change the following behavior:

  • The application is started on port 8443 instead of port 8080 (by convention this is the usual port for HTTPS connections).

  • Use our new java key store server.jks which is of type PKCS12 and is opened with given store password

  • Define the alias of public/private key to use for the server certificate with corresponding key password

Important: Please do not forget to copy the java key store file server.jks you have created in previous section into the src/main/resource folder of the new spring boot application.

Secure Spring Boot Applications with TLS and HTTP/2