Configure HTTPS
The example below shows how to create a JKS (Java Key Store) file to enable TLS (https) for Securosys Rest-API.
There are multiple ways to generate a .jks file. In this example we use openssl to create a certificate for CN=localhost, e.g. for https://localhost:8080/v1/licenseInfo.
It is required to have these utilities preinstalled on the device where the .jks file will be created.
Creating a Key and Certificate
Use the following command to generate a key (ca.key) and certificate (ca.crt) for TLS configuration with openssl:
openssl req -new -x509 -nodes -sha256 -newkey rsa:4096 -days 3650 -subj '/CN=localhost' -keyout ca.key -out ca.crt
Import Key and Certificate into Key Store
For the next steps you will require your *.key and *.crt files (or simply use a self-signed certificate, as shown in the command above).
openssl pkcs12 -export -in ca.crt -inkey ca.key -out securosys-ska-server.p12
Configure HTTPS on TSB
- Copy the previously generated securosys-ska-server.p12 file to the securosys-tsbconfig-files/tls folder. (Create a new directory tls if it does not exist.)
- Adapt the following properties in the application-local.yml file. keyStorePassword must be the export password that was set when the .p12 file was created:
## HTTPS CONFIGURATION
tls:
  # set to true if you want to use TLS (https)
  enabled: true
  keyStore: 'file:/etc/app/config/tls/securosys-ska-server.p12'
  keyStorePassword: secret
The example above shows how to create a certificate for localhost. If you want to use a public domain, you must first obtain a certificate for your domain. You can then continue with the step "Import Key and Certificate into Key Store" to import the files into the key store.
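The key store steps above as a non-interactive script with a pre-deployment check, as an added example that is not part of the Securosys documentation. It assumes openssl is on the PATH; KS_PASS is a hypothetical environment variable name and the 30-day expiry threshold is an arbitrary default.

```sh
#!/bin/sh
# Added example (not Securosys code). File names follow the page; the password
# is supplied by the caller and KS_PASS is a hypothetical variable name.

# make_keystore DIR PASSWORD [RSA_BITS]
# Runs the page's two openssl steps without prompts. The password reaches
# openssl through the environment, so it does not show up in the process list.
make_keystore() (
    umask 077    # ca.key is written unencrypted (-nodes): keep it owner-only
    cd "$1" || exit 1
    openssl req -new -x509 -nodes -sha256 -newkey "rsa:${3:-4096}" -days 3650 \
        -subj '/CN=localhost' -keyout ca.key -out ca.crt || exit 1
    KS_PASS=$2 openssl pkcs12 -export -in ca.crt -inkey ca.key \
        -passout env:KS_PASS -out securosys-ska-server.p12
)

# check_keystore P12 PASSWORD [MIN_DAYS]
# Returns 0 and prints subject and expiry only if the file opens with PASSWORD
# (the value that goes into keyStorePassword), contains a private key, and its
# certificate stays valid for at least MIN_DAYS more days (default 30).
check_keystore() {
    cert=$(KS_PASS=$2 openssl pkcs12 -in "$1" -passin env:KS_PASS -nokeys 2>/dev/null) || {
        echo "cannot open $1: wrong password or not PKCS#12" >&2; return 1; }
    KS_PASS=$2 openssl pkcs12 -in "$1" -passin env:KS_PASS -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY' || { echo "no private key in $1" >&2; return 2; }
    printf '%s\n' "$cert" | openssl x509 -noout -checkend "$(( ${3:-30} * 86400 ))" \
        >/dev/null || { echo "certificate expires within ${3:-30} days" >&2; return 3; }
    printf '%s\n' "$cert" | openssl x509 -noout -subject -enddate
}

# Usage (after defining the functions in the current shell):
#   make_keystore ./tls "$KEYSTORE_PASSWORD" &&
#   check_keystore ./tls/securosys-ska-server.p12 "$KEYSTORE_PASSWORD"
```

Running check_keystore with the value from keyStorePassword before restarting TSB catches a mismatched password or a key store without a private key ahead of startup.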
Example startup
You should see in the TSB logs that the server started with http(s).
A sample is shown below:
Tomcat initialized with port(s): 8080 (https)
Connector [https-jsse-nio-8080], TLS virtual host [_default_], certificate type [UNDEFINED] configured from keystore [/root/.keystore] using alias [tomcat] with trust store [null]
Tomcat started on port(s): 8080 (https) with context path ''
  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::                (v3.1.6)
2024.01.03 10:13:28.700 INFO [ restartedMain] [ com.securosys.ska.Application] Starting Application using Java 17.0.2 with PID 1 (/opt/app started by root in /)
2024.01.03 10:13:28.706 INFO [ restartedMain] [ com.securosys.ska.Application] No active profile set, falling back to 1 default profile: "default"
2024.01.03 10:13:28.905 INFO [ restartedMain] [sPropertyDefaultsPostProcessor] For additional web related logging consider setting the 'logging.level.web' property to 'DEBUG'
2024.01.03 10:13:31.887 INFO [ restartedMain] [epositoryConfigurationDelegate] Bootstrapping Spring Data JPA repositories in DEFAULT mode.
2024.01.03 10:13:32.096 INFO [ restartedMain] [epositoryConfigurationDelegate] Finished Spring Data repository scanning in 196 ms. Found 10 JPA repository interfaces.
2024.01.03 10:13:36.722 INFO [ restartedMain] [mbedded.tomcat.TomcatWebServer] Tomcat initialized with port(s): 8080 (https)
2024.01.03 10:13:36.805 INFO [ restartedMain] [oyote.http11.Http11NioProtocol] Initializing ProtocolHandler ["https-jsse-nio-8080"]
2024.01.03 10:13:36.819 INFO [ restartedMain] [.catalina.core.StandardService] Starting service [Tomcat]
...
2024.01.03 10:13:53.391 INFO [ restartedMain] [oyote.http11.Http11NioProtocol] Starting ProtocolHandler ["https-jsse-nio-8080"]
2024.01.03 10:13:54.082 INFO [ restartedMain] [il.net.NioEndpoint.certificate] Connector [https-jsse-nio-8080], TLS virtual host [_default_], certificate type [UNDEFINED] configured from keystore [/root/.keystore] using alias [tomcat] with trust store [null]
2024.01.03 10:13:54.099 INFO [ restartedMain] [mbedded.tomcat.TomcatWebServer] Tomcat started on port(s): 8080 (https) with context path ''
2024.01.03 10:13:54.179 INFO [ restartedMain] [ com.securosys.ska.Application] Started Application in 27.365 seconds (process running for 29.127)
2024.01.03 10:13:54.183 INFO [ restartedMain] [.business.BootstrappingProcess] Executing application bootstrapping
...