Is there a way to get a certificate for spring boot API to convert from http to https other than self signed certificates?

Question

I use Spring boot for my API and I tried enabling https for my application with a Self signed certificate but while accessing that firefox and chrome showed warnings saying

Warning: Potential Security Risk Ahead with MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

and flutter,postman show this too so i reverted back to http , So is there a way to get a https certificate for my spring boot application?

Answer 1

There are two possibilities here

1. You want HTTPS because you want to secure your data transmission
2. You want HTTPS only to show SSL lock. So that mobile apps can connect smoothly.

If you come under #1 - I suggest you to buy proper certificate from any vendor and install it at tomcat level so that all your microservices can use it. I took a free certificate from letsencrypt for 3 months and did the same. However, installation can be real painful as you have to convert those certificates to JVM supported format etc.

If you come under #2 - I suggest you to use reverse proxy service like cloudflare. It is very easy to configure. Also, cloudflare issued SSL will be free.

i.e. Your traffic from client to cloudflare will be secured and have SSL lock. However, traffic from cloudflare to your server will be HTTP.

Answer 2

If you are looking for a free way to get an https certificate and enable https for your endpoint, there are mmultiple ways for you to do this.

• If you are on cloud then , cloud providers like for instance the cloudflare provides easy integration of ssl certificates and all traffic to and from your cloud env will be ssl encrypted.Also AWS has the following policy :

When you purchase or transfer a domain name with us you get all those features included:

• Free domain protection & WHOIS privacy, 5 Email forwards
• Free SSL Certificate if you also host your website on Cloud CMS
• Simple DNS Editor to manage your DNS entries (A, CNAME, MX, ...), configure name servers, domain owner, renewal option

• Another method is for you to setup Let's encrypt on your machine to get a free ssl certificate every three months and use that certificae on your springboot application. The certificate is by default valid for only 90 days , but Let's encrypt provides a job that you could run on your server which will automatically update it once it's expired.Once you get the ssl certificate you could add it to springboot easily via application.properties like below. Read guide.

application.properties

server.port=8443
security.require-ssl=true
server.ssl.key-store=/etc/letsencrypt/live/example.com/keystore.p12
server.ssl.key-store-password=<your-password>
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat