How to enable HTTPS with Spring Boot Starter

General
1

Hello, i’ve tried a lot of things, this is my first project on vaadin and Spring in general.

I’ve bought an Ubuntu VPS to host a personal webserver, it is already working with HTTP but i would like to swap to HTTPS. Can someone explain to me what should i do? I’ve tried a lot of tutorials.

What i’ve tried
On linux side: use keytool to generate a .p12 file, moving it to the src/main/resources/keystore Java project file.

and add this to applications.properties

server.ssl.key-store= classpath:keystore/keystore.p12
server.ssl.key-store-type= PKCS12
server.ssl.key-store-password= XXXX
server.ssl.key-alias= XXXXX

But when i start the server it logs:

2024-04-29T19:24:45.541Z  INFO 1296388 --- [           main] com.example.application.Application      : Starting Application v1.0-SNAPSHOT using Java 21.0.2 with PID 1296388 (/root/smilefest/webcagorate-1.0-SNAPSHOT.jar started by root in /root/smilefest)
2024-04-29T19:24:45.556Z  INFO 1296388 --- [           main] com.example.application.Application      : No active profile set, falling back to 1 default profile: "default"
2024-04-29T19:24:47.110Z  INFO 1296388 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.
2024-04-29T19:24:47.223Z  INFO 1296388 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 101 ms. Found 2 JPA repository interfaces.
2024-04-29T19:24:48.371Z  INFO 1296388 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port 443 (https)
2024-04-29T19:24:48.397Z  INFO 1296388 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2024-04-29T19:24:48.398Z  INFO 1296388 --- [           main] o.apache.catalina.core.StandardEngine    : Starting Servlet engine: [Apache Tomcat/10.1.19]
2024-04-29T19:24:48.439Z  INFO 1296388 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2024-04-29T19:24:48.441Z  INFO 1296388 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 2718 ms
Standard Commons Logging discovery in action with spring-jcl: please remove commons-logging.jar from classpath in order to avoid potential conflicts
2024-04-29T19:24:48.964Z  INFO 1296388 --- [           main] o.hibernate.jpa.internal.util.LogHelper  : HHH000204: Processing PersistenceUnitInfo [name: default]
2024-04-29T19:24:49.050Z  INFO 1296388 --- [           main] org.hibernate.Version                    : HHH000412: Hibernate ORM core version 6.4.4.Final
2024-04-29T19:24:49.093Z  INFO 1296388 --- [           main] o.h.c.internal.RegionFactoryInitiator    : HHH000026: Second-level cache disabled
2024-04-29T19:24:49.381Z  INFO 1296388 --- [           main] o.s.o.j.p.SpringPersistenceUnitInfo      : No LoadTimeWeaver setup: ignoring JPA class transformer
2024-04-29T19:24:49.413Z  INFO 1296388 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Starting...
2024-04-29T19:24:49.825Z  INFO 1296388 --- [           main] com.zaxxer.hikari.pool.HikariPool        : HikariPool-1 - Added connection com.mysql.cj.jdbc.ConnectionImpl@b841713
2024-04-29T19:24:49.827Z  INFO 1296388 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Start completed.
2024-04-29T19:24:51.387Z  INFO 1296388 --- [           main] o.h.e.t.j.p.i.JtaPlatformInitiator       : HHH000489: No JTA platform available (set 'hibernate.transaction.jta.platform' to enable JTA platform integration)
2024-04-29T19:24:51.495Z  INFO 1296388 --- [           main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
2024-04-29T19:24:51.990Z  WARN 1296388 --- [           main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
2024-04-29T19:24:52.273Z  INFO 1296388 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@27563444, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@507e3e77, org.springframework.security.web.context.SecurityContextHolderFilter@55b7f9f1, org.springframework.security.web.header.HeaderWriterFilter@292b7a02, org.springframework.web.filter.CorsFilter@73796ae5, org.springframework.security.web.csrf.CsrfFilter@569026df, org.springframework.security.web.authentication.logout.LogoutFilter@55da6bf, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@3aebdb4, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@380cd266, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4b477121, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@3956e933, org.springframework.security.web.access.ExceptionTranslationFilter@5a183fa6, org.springframework.security.web.access.intercept.AuthorizationFilter@671561b9]
2024-04-29T19:24:53.062Z  INFO 1296388 --- [           main] o.a.t.util.net.NioEndpoint.certificate   : Connector [https-jsse-nio-443], TLS virtual host [_default_], certificate type [UNDEFINED] configured from keystore [/root/.keystore] using alias [tomcat] with trust store [null]
2024-04-29T19:24:53.091Z  INFO 1296388 --- [           main] c.v.f.s.DefaultDeploymentConfiguration   : Vaadin is running in production mode.
2024-04-29T19:24:53.139Z  INFO 1296388 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port 443 (https) with context path ''
2024-04-29T19:24:53.159Z  INFO 1296388 --- [           main] com.example.application.Application      : Started Application in 8.355 seconds (process running for 9.159)
2

Where is your problem?

3

Thank you, i don’t know how to add a SSL certificate to vaadin. If i visit https://mysite.com it says that there is no valid certificate

4

You need to buy or create a valid and trusted server certificate. All other technical steps were right.

5

https://letsencrypt.org/ could be an option for hobby project / personal stuff

1 Like
6

I used certbot but i can’t make it work…

Connector [https-jsse-nio-443], TLS virtual host [default], certificate type [UNDEFINED] configured from keystore [/root/.keystore] using alias [tomcat] with trust store [null]

Could this help?

8

I’ve generated it with certbot, also i followed the steps that i mentioned earlier but it does not work

9

Try to remove spaces after the “=” sign in application.properties.

For example

server.ssl.key-store-type= PKCS12

to

server.ssl.key-store-type=PKCS12
10

Still nothing i can’t visit the site.

Also there’s the same log in the console:

2024-04-30T15:47:47.217Z  INFO 1916146 --- [           main] o.a.t.util.net.NioEndpoint.certificate   : Connector [https-jsse-nio-443], TLS virtual host [_default_], certificate type [UNDEFINED] configured from keystore [/root/.keystore] using alias [tomcat] with trust store [null]

Do i have to do anything beside generating a keystore file?

11

I tried your setup and got the same error when I had the spaces.
Once I removed all of them it worked fine.
I think it is not related to the certificate itself.
Looking at the logs, it seems spring boot is not propagating your configurations to the embedded tomcat.

12

What command did you use to generate the certificate?

13

Honestly, I don’t remember right now. I used a self-signed certificate I created long time ago.
It is likely that I used GitHub - FiloSottile/mkcert: A simple zero-config tool to make locally trusted development certificates with any names you'd like.

14

You can try to put a breakpoint in TomcatServeltWebServerFactory.customizeSsl and check if the ssl field contains your configuration

15

Thanks, this is the field:

image
image820×724 119 KB

Still can’t visit the site, i’ve used also mkcert

16

I just noticed I was using an old Spring Boot version.
Anyway, I get a message similar to

Connector [https-jsse-nio-443], TLS virtual host [_default_], certificate type [UNDEFINED] configured from keystore [/root/.keystore] using alias [tomcat] with trust store [null]

but I can access the application on https.
What do you mean by ‘I can’t visit the site’?

17

I mean without getting the warning notification.

I’ve noticed that even on localhost there’s another certificate…

I’ve installed a email server on a different port using a docker, maybe this is the cause.

Also i’ve ported the mkcert file into my local machine and i view this:

Subject: smilefest.it
Issuer: mkcert root@mail.smilefest.it
Expires on: 30 lug 2026
Current date: 30 apr 2024
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
18

One thing that I notice is that in the configuration posted at the beginning of the thread, the kyestore file was keystore/keystore.p12, but in the screenshot it is different.
But I assume the first one was just an example, not the actual configuration.

19

Yes it was an example

20

Try to run the server on a different port (e.g. 8443), but I suppose there will be no difference.
I’m sorry, but currently I have no other ideas.

21

Tried but with failure.

I’ve noticed that if i use the server ip it says:

Bad Request
This combination of host and port requires TLS.

But if i use the domain name it just stops me with an error.

If i host it on my machine there is just a warning but i can visit the site.