Creating keystore.p12 from letsencrypt certificate for spring boot projects:
Creating keystore.p12 from letsencrypt certificate for spring boot projects:
Table of Contents
Step 1: Stop your server
If your server is nginx then use the below command to stop the server.
sudo service nginx stop
Step 2: Generating new letsencrypt certificate
This is to create the new letsencrypt certificate, if you already have one certificate then skip this step.
./certbot-auto certonly -a standalone \ -d ngdeveloper.com -d www.ngdeveloper.com -d admin.ngdeveloper.com
here -d takes all this domains for this certificates, meaning the same certificate can be used for ngdeveloper.com/www.ngdeveloper.com and admin.ngdeveloper.com domains and subdomains.
Step 3: Converting letsencrypt to keystore.p12
go to /etc/letsencrypt/live/YOUR-CERTIFICATE-FOLDER/
sudo openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname root
password: YOUR_SECRET_PASSWORD
Step 4: Downloading generated keystore.p12 from server to local
scp -i aws-login.pem ec2-user@aws_ec2_host_name:/etc/letsencrypt/live/ngdeveloper.com-0001/keystore.p12 /home/mobaxterm/Desktop/ssl/
here aws-login.pem is a secret file provided by aws to login to their ec2 server.
I used mobaxterm tool to run this scp command and download keystore.p12 from server to local.
Step 5: Placing downloaded keystore.p12 in spring boot project
Now place keystore.p12 in your src/main/resources folder and configure YOUR_SECRET_PASSWORD(should be same like what you have entered while generating the keystore.p12 file) in your spring boot’s application.properties file:
server.port=8443
security.require-ssl=true
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=YOUR_SECRET_PASSWORD
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat
spring.datasource.hikari.maximum-pool-size=5
cant convert pem to p12. I recive a bad certificate. “Could not parse invalid or corrupted data.”