marcellodesales/3d6ec083cd009a4f5998da60b3306c77 (GitHub Gist) - last active September 19, 2018 05:40
Generate an industry standard PKCS12 self-signed cert and setup SpringBoot to use it
Ref1: https://drissamri.be/blog/java/enable-https-in-spring-boot/
Ref2: https://stackoverflow.com/questions/13578134/how-to-automate-keystore-generation-using-the-java-keystore-tool-w-o-user-inter/13578480#13578480

1. Generate the cert

# -keystore is given once: the original command passed it twice (keystore.p12 and tls.p12);
# the store that is moved and referenced below is tls.p12
$ keytool -genkey -noprompt -storetype PKCS12 -keyalg RSA -keysize 2048 -validity 3650 \
    -alias springboot \
    -dname "CN=App-Name, OU=Org-Unit, O=\"Company, inc.\", L=San Diego, ST=California, C=US" \
    -keystore tls.p12 \
    -storepass 123456 \
    -keypass 123456
$ mkdir -p src/main/resources/binary
$ mv tls.p12 src/main/resources/binary
2. Update the processResources task so that token filtering cannot touch the binary file: every other resource is filtered, and the binary is copied over unchanged afterwards

—— build.gradle

// Required by `filter ReplaceTokens` below (Ant's token filter, bundled with Gradle)
import org.apache.tools.ant.filters.ReplaceTokens

/**
 * Processes the resources, excluding the certs while building.
 */
processResources {
    exclude "**/binary/*"
    filter ReplaceTokens, tokens: [
        "build.projectName": rootProject.name,
        "build.timestamp": "today"
    ]
    doLast {
        // Copy the excluded binaries into the output untouched by the filter
        copy {
            from "${rootDir}/src/main/resources/binary"
            include "*"
            into "${buildDir}/resources/main/binary"
        }
    }
}
3. Add the server properties to change the port and point at the cert under the binary resource dir

—— bootstrap.yml

server:
  port: 8443
  ssl:
    key-store: classpath:binary/tls.p12   # For Maven, use tls.p12 no dir
    key-store-password: 123456
    key-store-type: PKCS12
    key-alias: springboot
4. Run the server; the startup log shows it listening on the HTTPS port with the self-signed cert

---- gradle bootRun

2017-07-28T23:23:21,288 6493 | INFO | embedded.tomcat.TomcatEmbeddedServletContainer.initialize#87 ["restartedMain" {}] Tomcat initialized with port(s): 8443 (https)
$ echo | openssl s_client -showcerts -connect localhost:8443 2>/dev/null | openssl x509 -inform pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1684945637 (0x646e3ae5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=California, L=San Diego, O=Company, inc., OU=Org-Unit, CN=App-Name
        Validity
            Not Before: Sep 19 00:44:43 2018 GMT
            Not After : Sep 16 00:44:43 2028 GMT
        Subject: C=US, ST=California, L=San Diego, O=Company, inc., OU=Org-Unit, CN=App-Name
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:91:cd:c0:2e:8f:f1:c5:61:8c:7c:f0:8c:b5:78:
                    c8:92:67:a0:65:42:3a:2e:17:36:dd:01:cb:6d:ae:
                    5e:bb:98:ed:12:f4:10:a8:f0:a2:d2:f0:2f:03:71:
                    0d:49:ad:0f:a4:e4:6e:6e:0a:70:16:90:df:ef:6e:
                    44:b7:dd:ae:f1:9a:8d:53:a6:15:7c:87:2c:a6:29:
                    f9:ca:d1:dd:90:63:9c:03:25:f4:db:f9:07:dc:13:
                    44:69:25:6b:2a:8e:69:cc:f9:2a:c3:a4:66:86:27:
                    25:44:19:f0:a9:7e:41:39:63:c7:d6:4d:95:63:05:
                    3e:62:c6:3e:c4:00:c4:71:77:9c:c1:8b:ef:00:19:
                    65:92:89:e3:d0:e4:ce:d2:45:3b:ff:d2:81:20:54:
                    ce:de:c6:fd:c9:2d:20:08:9c:27:66:6c:27:e0:ea:
                    88:34:81:24:78:b9:e1:33:f2:7e:18:06:e1:36:a4:
                    db:87:7f:67:33:fc:d5:4d:59:33:6d:75:df:4f:69:
                    28:8e:7c:34:a7:da:45:cd:bd:07:64:88:4e:a5:51:
                    71:85:d5:14:49:53:fa:e4:15:42:1b:3f:5a:48:df:
                    1e:f3:81:b4:9f:29:34:6c:db:5d:47:f1:07:6c:47:
                    da:9d:a0:e4:a9:bd:00:18:86:30:25:77:47:99:ee:
                    3f:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:CE:50:D1:62:10:8E:12:95:F9:58:ED:C9:3F:BD:6A:1D:C0:73:9F
    Signature Algorithm: sha256WithRSAEncryption
         6d:ae:69:5b:d9:cb:72:35:33:6d:33:93:e7:51:97:32:dd:68:
         31:a9:fe:39:7b:39:6f:60:21:31:f8:46:e7:db:e6:ce:c1:90:
         02:84:12:3d:4e:2d:2e:f5:5a:39:b1:c6:b8:89:35:fb:65:cd:
         9c:25:b8:50:c6:52:87:f6:38:f4:e1:a4:95:bf:23:0d:cc:46:
         97:88:f5:f7:b2:67:2d:c3:38:3f:4e:8b:8e:ef:15:e8:30:77:
         76:fa:55:ee:c1:c0:b7:cb:67:31:96:34:77:18:45:87:bc:79:
         7b:74:57:d4:40:f5:7c:bb:5b:68:a4:b7:e8:c7:da:49:95:ea:
         05:a6:f1:99:68:48:18:77:05:cc:aa:dd:d0:9c:68:32:c8:61:
         2a:5c:73:03:c4:88:af:97:b4:20:3e:12:00:2c:e4:fa:0f:cc:
         3a:e9:93:50:b2:aa:1b:49:40:e5:28:7b:3d:d2:b5:a8:14:0e:
         ad:2c:a7:2e:fc:5a:ec:a3:e8:e6:2d:f0:27:65:ee:4b:e0:96:
         d4:36:56:cb:1c:67:bb:da:d8:1f:a3:6e:a2:8c:ac:dd:57:da:
         d7:09:a0:e2:01:43:2d:07:d9:e5:5a:ef:78:af:23:ab:cf:26:
         bc:e3:8a:02:2c:b3:a3:24:fd:a4:39:d9:4b:89:9a:7d:6e:8c:
         05:cd:0b:0d
$ openssl pkcs12 -info -in src/main/resources/binary/tls.p12
Enter Import Password:
MAC Iteration 100000
MAC verified OK
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 50000
Bag Attributes
    friendlyName: springboot
    localKeyID: 54 69 6D 65 20 31 35 33 37 33 33 32 36 30 34 32 30 35
Key Attributes: <No Attributes>
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQILOH5SHTcKv8CAggA
MBQGCCqGSIb3DQMHBAhixQzCjwRwBQSCBMjf1/A/TT76QAC1ybaWCmNN84rEsM0s
34pzJ32RFPHcrUnzcG87aZi5LgRtc0J0J0S87G8621ZYgRW2ncn7+wG8XFylBW4P
5Y+Kyq4ppxiSiG2QMEq4tMvlYgzJ20bQ1t23pSwawSUeq5htLetvScWgAobeuuPz
wTp6IpnqF3dnPr204LxNaGsjd5tEcOh3EUu7GUdGy4yt9zdC+/8a6wWoOkoCe2Q+
YR3gYmD88NJnFXvZOV2kVusjihZMgSAz2nz6SWxNN0pqHJxAeNp/5NnH3qusBffl
QtkBqj/NIUONHAxlcXUl8JTyeB/BtGlU8bemPWbFRRHcYJPRK7GvZL3j/6AMLZim
HTTzU+DQ3976DX76vTpwl6pGr+si9k5qHlm6lCs/nv66BTV9WpE33rucpfxmpM0z
lTK7DGdn0LnEDLy0/XhbnLTsHHGcNJ4ocmxXlRUD7F8WyTI+otnzV2RuMeqy+gzs
3abiSCsKXN0nbthy7EH4tVADl96gFfkuDiT+y5ENba0Ey0bXNuHC8110iLeZ0Tk5
ssCI7PjKRHXg4Gt4e5j/Ou36LUED8wvKnrFpNJk8XFYkSovVCGpzNw789mDgbnWS
ldxG5BRgLlrzVPrmznP+c+DmANMlcjjKevwmcoQAAzJ3Fa2ldFn82p0mogWTQ4iN
3oMyUgCU2vy9WZwq+iV7U0UhG2AIiFMYEP+vGF3UyZmIQU9RHP42/4WuHC+L/Ro/
qEQP6EwfQAtPVYZn94fysaOGKf5ZGhDA2GmRE0y4DmpTuU712paLNqClTMV8pdj4
OFDzl31FZnp+IQdKpmkDOaFiVaOuiUopDoZB5t1ZsW6PFD9p1/1Zow9WschfgaEg
DSGX4BV3MHgY96bDhtIquZamMqeZxtl/Oke/FblMtjnVPjyihWhMZPwc6E4N49JJ
A3B13tBar6mZkFPL8uYu5Pad7YBAhZ7gzkj24GqLWrIjx5O4BCtlAIyUqg9NI/Ky
/DrBihImq0x7h8bTnFY4/J/hqWVnLGCrH+4OFRQcwJ95cu4OUYh3EgbxZHPm7ASf
JiZuAC49+BSgEC7lB92kIhDqZxRI4BspCEwXfbE1An3pWn2r0x9adHwBm3K32mJ9
jJC9Ab2yS52TwwApFWvJ1Djl0TNLhkcKJM9EnaBDg2br8bXEmUpRPE93FQ5iOM5F
QEg+oqrCpqjf3lrJj9NrG2DSzXwgAWwx3BmoNHInf6JtvdN8TknT70F5zvOYs5o9
b3551+xSEFktU7w1hr6gq9bkeEFCxIBmhhWtj7ESF2zg78zWNKFBRt+ZqDK5z6MP
6VESMngpDM0Ma0CZlZRKJDU8rC5eSABBjJeLmiJFajO6w6K+2Z2CqtX7hZ7lMHWA
aMT8M1oHGCAeqECxzARKjjTiFF5mc8EkGWyqbJz6lfRXVnMJv+/LkITWaJX3Cip1
J86iYeusSisC00T6YdEcJ05b3NiALcmoeSHp/HASM4ke3pvShJJRwKqSl+9OvyKg
vU4hHoZ9TjG9fgunI7cGYUHqI4qbNDxDRIntArxuZJhh3SryJXvjEQ07n0NW4J4J
dG2dONOYLCRirYc6T95C7JP1MbtN3XuTuGmerGQRzzgDiEtJRoCu51E2sd4XQJ/V
5J0=
-----END ENCRYPTED PRIVATE KEY-----
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 50000
Certificate bag
Bag Attributes
    friendlyName: springboot
    localKeyID: 54 69 6D 65 20 31 35 33 37 33 33 32 36 30 34 32 30 35
subject=/C=US/ST=California/L=San Diego/O=Company./OU=Org-Unit/CN=App-Name
issuer=/C=US/ST=California/L=San Diego/O=Company./OU=Org-Unit/CN=App-Name
-----BEGIN CERTIFICATE-----
MIIDvTCCAqWgAwIBAgIEe2sgDzANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVNhbiBEaWVnbzEVMBMG
A1UEChMMSW50dWl0LCBpbmMuMRcwFQYDVQQLEw5JbnR1aXRQbGF0Zm9ybTEmMCQG
A1UEAxMdc3ByaW5nLWNsb3VkLWNvbmZpZy1wdWJsaXNoZXIwHhcNMTgwOTE5MDQ1
MDA0WhcNMjgwOTE2MDQ1MDA0WjCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
bGlmb3JuaWExEjAQBgNVBAcTCVNhbiBEaWVnbzEVMBMGA1UEChMMSW50dWl0LCBp
bmMuMRcwFQYDVQQLEw5JbnR1aXRQbGF0Zm9ybTEmMCQGA1UEAxMdc3ByaW5nLWNs
b3VkLWNvbmZpZy1wdWJsaXNoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDdQUkMlIPPxxT7alMnHxjvSHegfmowv35Hnkyebt3Dv3/POEtt9e6uq5+V
x1FXNJ/XYX1L/gA8VdzlAypEMZLpVmBCUTm+ESULrgwXLegW0S2CZl5jhFkT93DC
d6J1YIEfgkWemuBo9jk9EN1/xTW7X37nd3u9eXk+hkiHHKwtG67noiz7q/wGYahn
0/b0iSooBjZaAMoRTGkkaIbc+LyDs1SxRZmM7c8l8jeYSYEdLQYZKy7uyePKLJGn
sIWywQQCNRz97lNaL2/IdrDgzaNWiSnPsOiZX06VLPfOz6a2DSgQDQbTDv0U2Vy7
vxWZwoXb3uPG1HmAxEVw76uLqbtzAgMBAAGjITAfMB0GA1UdDgQWBBRQDml0/scA
rK+1fGvXn6k5ordwJDANBgkqhkiG9w0BAQsFAAOCAQEAM+uN21+uRCpP0xCKzbvX
WG211r44QsRE5rFuU6s8AXhi0SZr6Sn77ZZNx8FgaLlErMQL/y/YZk95ZmSHJaDD
jgXoJPkvbN/eEvKuU9Iw8xhdZn58OK9p33uOXQozGG+/Av3uhVudyOijnNRmlg1N
EROfKQJdlbJdJ1RHyPimC2Pze+Mwp09c5oBl40SR4AczpYyZ0+nov/s5MrqtK+b8
aO9o38rQP6OcqATQ94MRM6iMU0sP3aFe/BXzGa2iKN2lWf/YSjpC1373hZWwdKys
PgTgEmI6u/rkayYbQCfZAetODdV5Gac3wVeiejEtrzzfVHzDCnPIn7D0UAVkEo57
qQ==
-----END CERTIFICATE-----
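The gist checks the deployed certificate by eye: `openssl s_client` shows what the server serves and `openssl pkcs12 -info` shows what is in the keystore. The script below is an added example, not part of the gist, that turns that comparison into a repeatable check. It parses the certificate shown in the `pkcs12 -info` output above (a minimal DER walk is enough to pull the serial number and validity window), prints its SHA-256 fingerprint in the same form `openssl x509 -sha256 -fingerprint` prints it, and, given a host and port, confirms that the running Spring Boot server presents exactly that certificate and that it is not about to expire. It uses only the Python standard library; the file name `check_cert.py`, the `min_days` threshold and the command-line host/port arguments are assumptions of the example.

```python
# Added example (not from the gist): stdlib-only checks on the certificate Spring Boot serves.
import base64, hashlib, hmac, socket, ssl
from datetime import datetime, timezone

# PEM certificate copied verbatim from the gist's `openssl pkcs12 -info` output.
GIST_CERT_PEM = """-----BEGIN CERTIFICATE-----
MIIDvTCCAqWgAwIBAgIEe2sgDzANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVNhbiBEaWVnbzEVMBMG
A1UEChMMSW50dWl0LCBpbmMuMRcwFQYDVQQLEw5JbnR1aXRQbGF0Zm9ybTEmMCQG
A1UEAxMdc3ByaW5nLWNsb3VkLWNvbmZpZy1wdWJsaXNoZXIwHhcNMTgwOTE5MDQ1
MDA0WhcNMjgwOTE2MDQ1MDA0WjCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
bGlmb3JuaWExEjAQBgNVBAcTCVNhbiBEaWVnbzEVMBMGA1UEChMMSW50dWl0LCBp
bmMuMRcwFQYDVQQLEw5JbnR1aXRQbGF0Zm9ybTEmMCQGA1UEAxMdc3ByaW5nLWNs
b3VkLWNvbmZpZy1wdWJsaXNoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDdQUkMlIPPxxT7alMnHxjvSHegfmowv35Hnkyebt3Dv3/POEtt9e6uq5+V
x1FXNJ/XYX1L/gA8VdzlAypEMZLpVmBCUTm+ESULrgwXLegW0S2CZl5jhFkT93DC
d6J1YIEfgkWemuBo9jk9EN1/xTW7X37nd3u9eXk+hkiHHKwtG67noiz7q/wGYahn
0/b0iSooBjZaAMoRTGkkaIbc+LyDs1SxRZmM7c8l8jeYSYEdLQYZKy7uyePKLJGn
sIWywQQCNRz97lNaL2/IdrDgzaNWiSnPsOiZX06VLPfOz6a2DSgQDQbTDv0U2Vy7
vxWZwoXb3uPG1HmAxEVw76uLqbtzAgMBAAGjITAfMB0GA1UdDgQWBBRQDml0/scA
rK+1fGvXn6k5ordwJDANBgkqhkiG9w0BAQsFAAOCAQEAM+uN21+uRCpP0xCKzbvX
WG211r44QsRE5rFuU6s8AXhi0SZr6Sn77ZZNx8FgaLlErMQL/y/YZk95ZmSHJaDD
jgXoJPkvbN/eEvKuU9Iw8xhdZn58OK9p33uOXQozGG+/Av3uhVudyOijnNRmlg1N
EROfKQJdlbJdJ1RHyPimC2Pze+Mwp09c5oBl40SR4AczpYyZ0+nov/s5MrqtK+b8
aO9o38rQP6OcqATQ94MRM6iMU0sP3aFe/BXzGa2iKN2lWf/YSjpC1373hZWwdKys
PgTgEmI6u/rkayYbQCfZAetODdV5Gac3wVeiejEtrzzfVHzDCnPIn7D0UAVkEo57
qQ==
-----END CERTIFICATE-----"""

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and base64-decode the DER certificate."""
    body = "".join(line.strip() for line in pem.strip().splitlines() if not line.startswith("-----"))
    return base64.b64decode(body, validate=True)

def read_tlv(buf: bytes, pos: int):
    """One DER tag-length-value at pos -> (tag, value, next_pos). Single-byte tags only."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long form: N length bytes follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def tbs_fields(der: bytes) -> list:
    """Top-level elements of tbsCertificate in order (RFC 5280, section 4.1)."""
    _, cert, _ = read_tlv(der, 0)                      # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)                      # tbsCertificate ::= SEQUENCE
    fields, pos = [], 0
    while pos < len(tbs):
        tag, val, pos = read_tlv(tbs, pos)
        fields.append((tag, val))
    # Drop the optional [0] EXPLICIT version so that fields[0] is always serialNumber.
    return fields[1:] if fields[0][0] == 0xA0 else fields

def _parse_time(tag: int, val: bytes) -> datetime:
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"   # UTCTime / GeneralizedTime
    return datetime.strptime(val.decode("ascii"), fmt).replace(tzinfo=timezone.utc)

def certificate_serial(der: bytes) -> int:
    return int.from_bytes(tbs_fields(der)[0][1], "big")

def certificate_validity(der: bytes):
    """(notBefore, notAfter) as UTC datetimes."""
    validity = tbs_fields(der)[3][1]                   # serial, signature, issuer, validity
    tag1, not_before, pos = read_tlv(validity, 0)
    tag2, not_after, _ = read_tlv(validity, pos)
    return _parse_time(tag1, not_before), _parse_time(tag2, not_after)

def fingerprint_sha256(der: bytes) -> str:
    """Lowercase hex SHA-256 over the DER bytes (what `openssl x509 -sha256 -fingerprint` hashes)."""
    return hashlib.sha256(der).hexdigest()

def days_left(der: bytes, now: datetime = None) -> int:
    """Whole days until notAfter, relative to `now` (default: current UTC time)."""
    return (certificate_validity(der)[1] - (now or datetime.now(timezone.utc))).days

def fetch_server_cert_der(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Handshake only to obtain the leaf certificate; trust is decided by the pin, not by a CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def check_pinned_server(host: str, port: int, expected_pem: str, min_days: int = 30) -> dict:
    """ok only if the served cert is byte-for-byte the keystore's and has min_days of validity left."""
    expected_fp = fingerprint_sha256(pem_to_der(expected_pem))
    served = fetch_server_cert_der(host, port)
    pinned = hmac.compare_digest(fingerprint_sha256(served), expected_fp)
    remaining = days_left(served)
    return {"fingerprint_matches": pinned, "days_left": remaining, "ok": pinned and remaining >= min_days}

if __name__ == "__main__":
    import sys
    der = pem_to_der(GIST_CERT_PEM)
    nb, na = certificate_validity(der)
    print("serial  :", hex(certificate_serial(der)))
    print("validity:", nb.isoformat(), "->", na.isoformat())
    print("sha256  :", ":".join(fingerprint_sha256(der)[i:i + 2].upper() for i in range(0, 64, 2)))
    if len(sys.argv) == 3:                             # e.g. python check_cert.py localhost 8443
        print(check_pinned_server(sys.argv[1], int(sys.argv[2]), GIST_CERT_PEM))
```

Run with no arguments to print the embedded certificate's serial, validity window and fingerprint; run as `python check_cert.py localhost 8443` against the server from step 4 to get the pinned comparison. `verify_mode = CERT_NONE` is deliberate and safe here only because the fingerprint comparison is the trust decision: a self-signed certificate cannot pass CA validation, so pinning the exact certificate is the check that replaces it. Two things a practitioner should also keep in mind with this setup: the keystore password in `bootstrap.yml` and the `.p12` under `src/main/resources` both end up in version control and inside the built jar, so reading `server.ssl.key-store-password` from an environment variable through a `${...}` placeholder and keeping the keystore out of the repository is the usual mitigation; and the certificate carries no subjectAltName (only a Subject Key Identifier), which modern browsers and HTTP clients reject regardless of the CN, so for anything beyond a local test add one at generation time with keytool's `-ext SAN=dns:localhost`.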