How to Enable HTTPs in Spring Boot Application

HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP that encrypts communication using SSL (Secure Sockets Layer) or TLS (Transport Layer Security). It ensures secure communication between a client and a server by encrypting the data transmitted.

By default, Spring Boot applications run on port 8080 (HTTP). To enable HTTPS, we need to configure the application to use port 443 and provide an SSL certificate.

Steps to Enable HTTPS in Spring Boot

To configure HTTPS in Spring Boot, follow these two main steps:

1. Create an SSL/TLS Certificate, either self-signed or from a Certificate Authority (CA).
2. Configure HTTPS protocol and port 443 in the application.

Prerequisites

Before starting, make sure you have the following:

• Java Development Kit (JDK) installed
• Spring Tool Suite (STS) or any IDE for Spring Boot
• keytool (available by default with JDK)

Step 1: Create a Self-Signed Certificate

An SSL certificate is a digital certificate that authenticates a website’s identity and enables an encrypted connection. It helps secure sensitive data exchanged between client and server during transactions.

Command to Generate a Self-Signed Certificate:

Use the keytool utility that comes with JDK to generate a self-signed certificate:

keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 \
-keystore keystore.p12 -validity 3650

After running this command, you will be prompted for information such as name, organization, city, and password. Example:

Enter keystore password:
Re-enter new password:
What is your first and last name? [Unknown]: ABC DEF
What is the name of your organizational unit? [Unknown]: GFG
What is the name of your organization? [Unknown]: GeeksforGeeks
What is the name of your City or Locality? [Unknown]: Noida
What is the name of your State or Province? [Unknown]: Uttar Pradesh
What is the two-letter country code for this unit? [Unknown]: IN
Is CN=ABC DEF, OU=GFG, O=GeeksforGeeks, L=Noida, ST=Uttar Pradesh, C=IN correct? [no]: yes

Important Parameters

• -genkey : Generates a key pair (public and private keys)
• -alias : Alias name for the generated certificate
• -storetype : Type of keystore (e.g., PKCS12, JKS)
• -keyalg : Algorithm used for key generation (e.g., RSA)
• -keysize : Key length (recommended 2048 bits)
• -keystore : Name of the keystore file
• -validity : Validity of the certificate in days

After successful execution, a file named keystore.p12 will be created containing your SSL/TLS certificate.

Step 2: Configure HTTPS in application.properties

Once the certificate is created, configure it in the application.properties file of your Spring Boot project.

application.properties:

server.port=443
server.ssl.key-store=keystore.p12
server.ssl.key-store-password=geeksforgeeks
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat

If you prefer YAML format, you can define the same configuration in application.yml:

server:
port: 443
ssl:
key-store: keystore.p12
key-store-password: geeksforgeeks
keyStoreType: PKCS12
keyAlias: tomcat

Configuration Explanation

• server.port : Port number on which the application runs. HTTPS typically uses port 443
• server.ssl.key-store : Path to the keystore file containing the SSL certificate
• server.ssl.key-store-password : Password used to access the keystore
• server.ssl.keyStoreType : Type of keystore (PKCS12 or JKS)
• server.ssl.keyAlias : Alias name used to identify the key inside the keystore

Step 3: Run Your Application

Use the following Maven commands to build and run your Spring Boot application:

To clean and compile the project:

mvn clean compile

To build and run the application:

mvn clean install
java -jar target/<your-jar-file>.jar

Once the application starts, it will be running securely on port 443 using the HTTPS protocol.

Step 4: Verify HTTPS Configuration

After successful startup, open your browser and navigate to:

https://localhost/greet

Your browser may show a warning if you are using a self-signed certificate, which is normal during development. For production, always use a trusted CA-signed certificate.