You can use an SSL certificate to enable HTTPS on Spring Boot and implement encrypted transmission of data in network communication. This topic describes how to enable HTTPS on Spring Boot.

Prerequisites

  • The certificate uses the RSA or ECC algorithm, and the certificate is in the Issued state.
    Note If your certificate uses the SM2 algorithm, you cannot install the certificate on Spring Boot. You must revoke the certificate and apply for a new certificate that uses the RSA or ECC algorithm. For more information about how to revoke a certificate and apply for a certificate, see Revoke an SSL certificate and Submit a certificate application.
  • Port 443 is enabled on Spring Boot. Port 443 is the default port for HTTPS services.
  • A remote logon tool, such as PuTTY or Xshell, is available for you to log on to your web server.

Procedure

  1. Log on to the SSL Certificates Service console.
  2. In the left-side navigation pane, click SSL Certificates Service.
  3. Find the certificate that you want to download and click Download in the Actions column.
  4. In the Download Certificate panel, find the certificate for Tomcat and click Download in the Actions column.
    Note You can install a certificate in the PFX or JKS format on Spring Boot. To download a PFX certificate, find the certificate for Tomcat and click Download in the Actions column. In this example, a PFX certificate is used. To download a JKS certificate, find the certificate and click Download in the Actions column.
    This operation downloads a certificate package to your computer and stores the package in the default download directory of your browser.
  5. Go to the directory and decompress the certificate package.
    The following two files are extracted from the package:
    • Certificate file: domain name.pfx.
    • Password file: pfx-password.txt.
    Note
    • In this example, the certificate name is domain name.
    • A new password is generated each time you download a certificate. The password is valid only for the downloaded certificate. If you want to update a certificate, you must also update the password.
  6. Log on to your Spring Boot application server.
  7. Copy the certificate file and password file that you obtained to the root directory src/main/resources/ of the Spring Boot project.
    Note If you have modified the directory of the Spring Boot project, you must copy the certificate and password files to the directory in which the configuration file application.properties or application.yml is stored.
  8. Modify the configuration file application.properties or application.yml.
    • Reconfigure the parameters in the application.properties file based on the following code:
      # Enable port 443, which is the default port for HTTPS services. You can change the port based on your business requirements.
      server.port = 443
      # Replace domain name.pfx with the name of your certificate.
      server.ssl.key-store = classpath:<domain name.pfx>
      # Enter the password in the pfx-password.txt file.
      server.ssl.key-store-password = ********
      server.ssl.key-store-type = PKCS12
    • Reconfigure the parameters in the application.yml file based on the following code:
      server:
        port: 443    # Enable port 443, which is the default port for HTTPS services. You can change the port based on your business requirements. 
        ssl:
          key-alias: tomcat
          key-store-password: ********    # Enter the password in the pfx-password.txt file. 
          key-store-type: PKCS12
          key-store: classpath:<domain name.pfx>    # Replace domain name.pfx with the name of your certificate. 
  9. Run the mvn spring-boot:run command to restart the Spring Boot service.
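
A wrong password or an alias that does not match key-alias prevents the embedded server from starting with HTTPS, so it helps to check the downloaded file against the configuration before the restart in step 9. The following Java check is an added example, not part of the original procedure; the class name PfxCheck and its command-line arguments are assumptions, and it requires Java 11 or later.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example: PfxCheck and its arguments are hypothetical names.
// Usage: java PfxCheck.java <file.pfx> <pfx-password.txt> [expected-alias]
public class PfxCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: PfxCheck <file.pfx> <pfx-password.txt> [expected-alias]");
            System.exit(2);
        }
        // The password file holds only the password; trim the trailing newline.
        char[] password = Files.readString(Path.of(args[1])).trim().toCharArray();

        // Same store type as key-store-type in the Spring Boot configuration.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Path.of(args[0]))) {
            ks.load(in, password); // throws IOException if the password does not match
        }

        boolean aliasFound = args.length < 3; // no alias requested: any key entry will do
        boolean keyFound = false;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // certificate-only entries cannot serve HTTPS
            }
            keyFound = true;
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            System.out.printf("alias=%s subject=%s notAfter=%s%n",
                    alias, cert.getSubjectX500Principal().getName(), cert.getNotAfter());
            cert.checkValidity(); // throws if the certificate is expired or not yet valid
            if (args.length >= 3 && alias.equalsIgnoreCase(args[2])) {
                aliasFound = true;
            }
        }
        if (!keyFound || !aliasFound) {
            System.err.println("No private-key entry"
                    + (args.length >= 3 ? " with alias " + args[2] : "") + " in " + args[0]);
            System.exit(1);
        }
        System.out.println("OK: keystore opens with this password and holds a usable key entry");
    }
}
```

If you set key-alias in application.yml, pass the same value as the third argument; the aliases printed by the check show which value the file actually contains.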

What to do next

Check whether HTTPS is enabled.
After the configuration is complete, you can access the domain name that is bound to the certificate to check whether HTTPS is enabled.
https://yourdomain 
  • If a small lock is displayed in the address bar, HTTPS is enabled.
  • If your website cannot be accessed over HTTPS, check whether port 443 is enabled on your server. If port 443 is enabled on your server and your website cannot be accessed over HTTPS, submit a ticket.