Use valid SSL certificate with spring boot - spring-boot

I have CA trusted SSL certificate in the format of .p7b, .crt, .ca-bundle and also private key file .crt.
I want to run spring boot web service application over https. It is showing "Your connection is not private" error on the browser.
I tried to import .p7b and .crt file into .jks but since I do not know the correct alias and password, it is throwing keytool error: java.lang.Exception: Input not an X.509 certificate exception.
Please give a solution to use these valid certificate with spring boot application.
Provide format of application-https.properties.

Related

Redis use tls and Certificate Authority NA in Spring boot

In Redis insight:
Use TLS - checked
Certificate Authority- No CA certificate
Able to connect through redis insight software with above details by adding host, port and password.
Same thing trying in Spring boot,
In the configuration added usetls. NO CA certificate. how to configure in redis Spring boot? getting below error:
Request processing failed; nested exception is org.springframework.data.redis.RedisConnectionFail ureException: Unable to connect to Redis; nested exception is io.lettuce.core.RedisConnectionException: Unable to connect to xx.xx.xx.xx: ****] with root cause
sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target
I don't want to use any certificate and skip the error. As for redis insight also not used any certificate.

spring boot : automatic renew of letsencrypt certificate

i have a published spring boot app (http) and i want to secure it with HTTPS..
there are many tutorials on how to create a letsencrypt certificate and import it into the /resources folder of the spring boot app, to make the certificate work.
the letsencrypt certificate is only valid for three months.. and i would have to import the certificate and restart my spring boot application every time..
of course, certbot can automatically renew the letsencrypt certificate, but…
is there a way to do this task automatically (import and restart)?
are there any alternative ways to do this (without importing and restarting)?

Ssl connection between gcp load balancer and springboot application

Currently, I have my web application running on compute engine via a spring boot application. My website is ssl protected and it connects to my gcp load balancer. However, the connection between the load balancer and my spring boot application is http. How can I make this https as well? What are details that I need to provide. My application is deployed on a gcp compute vm.
Here are the steps I have followed :-
Generate a Self Signed cert (PKCS12 format) assuming you in development and testing phase else in PROD you will need a CA Signed or similar cert
Generate Key using your P12 cert and store it in to Key Store
Make your boot app enabled by setting the following properties
server.ssl.enabled=true
# The path to the keystore containing the certificate
server.ssl.key-store=classpath:keystore/yourCertificate.p12
# The password used to generate the certificate
server.ssl.key-store-password=password
# The alias mapped to the certificate
server.ssl.key-alias=yourAlias
# The format used for the keystore.
server.ssl.key-store-type=PKCS12
These steps will help you make your Boot app HTTPS enabled.

MSIS0037: No signature verification certificate found for issuer

I am trying to integrate saml with java spring boot application. I integerated it with okta, and works fine. But when i change the config to point to actual adfs(not Okta), i get this error on adfs "MSIS0037: No signature verification certificate found for issuer 'https://xxx.mydomain.com/saml/metadata'.
I checked my SAML auth request using SAML tracer and in that issuer is https://xxx.mydomain.com/saml/metadata, but i guess it should be https://xxx.mydomain.com and i am guessing that is why i get this error. I have installed an internally generated certificate on the server, and put the public key in the metadata i have provided to the adfs team which they have inserted successfully. Can anyone guide me to how to change issuer in my saml request?
You can change the issuer in the SAML request: <saml:Issuer> https://xxx.mydomain.com</saml:Issuer>
This guide has some good samples for doing this with ADFS and spring boot: https://myshittycode.com/2016/02/18/spring-security-saml-configuring-binding-for-sending-saml-messages-to-idp/

Why is cacerts ignored in Spring Saml?

I've made an implementation based on this with a FilesystemMetadataProvider: https://github.com/vdenotaris/spring-boot-security-saml-sample
To make the SSL handshake work for the artifact binding I had to put/trust the CA certificate for the IDP in the java keystore used by the keyManager.
I would rather have used the cacerts on the jre in case the IDP changed CA, but I haven't been able to find any property to set so that Spring SAML looks inside that instead.
Also this answer suggest that the cacert is ignored altogheter:
Spring Security SAML - HTTPS connections
Why is the cacert ignored in Spring SAML? This seems like a deficiency for me.
I have checked that the CA for the IDP is in the cacert file for my jre. If i remove the beans related to TLS/socket factory from the config it still fails.
Yes, cacerts is ignored. Spring SAML uses custom implementations for handling of trust, with an intention of providing more control over the system's security. You can always quite easily copy over all certificates from cacerts to samlKeystore.
Your custom certificate/JDK default certificate must have IDPs certicate imported as trust .
Your custom certificate used in JKS manager must have at-least one private key.
Please import your trust in JDK_PATH/jre/lib/securitycacerts and try the command wget <your_idp_descriptor_url>

Resources