
I am looking to integrate Spring Boot with 2 way TLS.

My query is that I want to use this for development: can we have the 2 way TLS in one Spring MVC, or do we need to create a separate client MVC?

I used this link for reference: https://www.baeldung.com/spring-tls-setup. For the configuration of TLS on Tomcat in it, how do I configure the server XML file, and where do I find it?

Also, where should the truststore certificate be stored if we use only one microservice for mutual TLS?

Following is the application properties:

```properties
server.port=8443
server.ssl.enabled=true
server.ssl.key-store-type=JKS
server.ssl.key-store=classpath:keystore/server-app.jks
server.ssl.key-store-password=password
server.ssl.key-alias=server-app
server.ssl.protocol=TLS
server.ssl.enabled-protocols=TLSv1.3
#server.ssl.client-auth=need
server.ssl.trust-store=classpath:keystore/truststore.jks
server.ssl.trust-store-password=password
```
informatik01
  • Have a look at [X.509 Authentication in Spring Security](https://www.baeldung.com/x-509-authentication-in-spring-security). – slauth Oct 28 '21 at 12:21
  • This might also be handy: [Tutorial Mutual TLS with Spring Boot and many clients](https://github.com/Hakky54/mutual-tls-ssl). The client requires a separate SSL configuration. You don't need to configure the server with XML, you can just use the application properties. You can store the truststore in the application resources and bundle it with the jar. – Hakan54 Oct 28 '21 at 13:14
  • Regarding the trust store, I am new, so I have a question: which JKS file should be added as the truststore, the client's or the server's? – swarajsingh78 Oct 29 '21 at 07:48
  • I can recommend adding to them both; that way the server and client will each have a list of trusted certificates which indicates whom they trust. – Hakan54 Oct 29 '21 at 07:56
  • I added both after importing both into each other's keystores to create trust, and added both the certificates into resources, but I am still facing: Caused by: java.lang.IllegalArgumentException: the trustAnchors parameter must be non-empty – swarajsingh78 Oct 29 '21 at 10:21
  • Should I create a separate client application? – swarajsingh78 Oct 29 '21 at 10:22
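
A diagnostic for the `trustAnchors parameter must be non-empty` error quoted in the comments, added here as an example and not code from the thread: the JDK's `PKIXParameters(KeyStore)` constructor raises that message when the store holds no trusted certificate entries, which happens when the file is empty or holds only key entries. The class name `TrustStoreCheck` and the command-line arguments (truststore path, password) are assumptions of this example; with no arguments it runs against a constructed empty store.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.util.Collections;

// Hypothetical helper class, not part of Spring Boot or the linked tutorials.
//   java TrustStoreCheck                          -> constructed empty store
//   java TrustStoreCheck truststore.jks password  -> inspect a real file
public class TrustStoreCheck {

    // Lists every alias and counts the entries PKIXParameters accepts as
    // trust anchors: only trusted certificate entries qualify.
    static int countTrustAnchors(KeyStore ks) throws Exception {
        int anchors = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean trusted = ks.isCertificateEntry(alias);
            System.out.printf("%-24s %s%n", alias,
                    trusted ? "trusted certificate entry" : "key entry (not a trust anchor)");
            if (trusted) anchors++;
        }
        return anchors;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        if (args.length == 2) {
            try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
                ks.load(in, args[1].toCharArray());
            }
        } else {
            ks.load(null, null); // constructed sample input: an empty keystore
        }
        System.out.println("trust anchors found: " + countTrustAnchors(ks));
        try {
            new PKIXParameters(ks); // same validation step that produces the error
            System.out.println("OK: store contains at least one trust anchor");
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("FAIL: " + e.getMessage());
        }
    }
}
```

If the file passes this check but the application still fails, the store that is actually loaded at runtime is probably not the file you inspected, so check the `server.ssl.trust-store` path and password.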

0 Answers