Creating keystore.p12 from a Let's Encrypt certificate for Spring Boot projects:

Step 1: Stop your server

If your server is nginx, stop it with the command below. The standalone mode used in Step 2 runs its own temporary web server, so the port must be free.

sudo service nginx stop

 

Step 2: Generating new letsencrypt certificate

This step creates a new Let's Encrypt certificate. If you already have a certificate, skip this step.

./certbot-auto certonly -a standalone -d ngdeveloper.com -d www.ngdeveloper.com -d admin.ngdeveloper.com

Here each -d adds one domain to the certificate, meaning the same certificate can be used for ngdeveloper.com, www.ngdeveloper.com and admin.ngdeveloper.com.

Step 3: Converting letsencrypt to keystore.p12

Go to /etc/letsencrypt/live/YOUR-CERTIFICATE-FOLDER/ and run:

sudo openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname root

Export password (entered when prompted): YOUR_SECRET_PASSWORD
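
Added example (not part of the original post): a check to run on keystore.p12 before copying it anywhere, confirming that it opens with the export password, carries the tomcat alias given with -name, and holds a private key that matches its certificate. The names verify_p12, make_sample_p12 and P12_PASS are assumptions of this example, and a throwaway self-signed certificate is constructed as sample input so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the original post. The keystore password is read from
# the P12_PASS environment variable (assumed name) so it stays off the command line.

# verify_p12 FILE ALIAS: 0 = ok, 1 = cannot open, 2 = alias missing, 3 = key mismatch
verify_p12() {
    p12=$1; want=$2
    # 1. Does the file parse and decrypt? Fails on a wrong password or corruption.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -noout 2>/dev/null || {
        echo "FAIL: cannot open $p12 (wrong password or corrupt file)"; return 1; }
    # 2. The leaf certificate's bag attributes carry the alias as friendlyName.
    cert=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null)
    printf '%s\n' "$cert" | grep -q "friendlyName: $want\$" || {
        echo "FAIL: alias '$want' not found in $p12"; return 2; }
    # 3. The public key derived from the private key must equal the certificate's.
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -pubkey -noout 2>/dev/null)
    key_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match certificate"; return 3
    fi
    echo "OK: $p12 opens, alias '$want' present, key matches certificate"
}

# Constructed sample input: a throwaway self-signed certificate stands in for
# fullchain.pem and privkey.pem, so there is no chain.pem to pass as -CAfile.
make_sample_p12() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$dir/privkey.pem" -out "$dir/fullchain.pem" 2>/dev/null &&
    openssl pkcs12 -export -in "$dir/fullchain.pem" -inkey "$dir/privkey.pem" \
        -out "$dir/keystore.p12" -name tomcat -passout env:P12_PASS &&
    chmod 600 "$dir/keystore.p12" "$dir/privkey.pem"   # owner-only: both hold the key
}

export P12_PASS=constructed-sample-password
demo=$(mktemp -d)
make_sample_p12 "$demo" && verify_p12 "$demo/keystore.p12" tomcat
rm -rf "$demo"
```

For the keystore from Step 3, set P12_PASS to your export password and call verify_p12 keystore.p12 tomcat from the certificate folder.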

 

Step 4: Downloading generated keystore.p12 from server to local

scp -i aws-login.pem ec2-user@aws_ec2_host_name:/etc/letsencrypt/live/ngdeveloper.com-0001/keystore.p12 /home/mobaxterm/Desktop/ssl/

Here aws-login.pem is the secret key file provided by AWS for logging in to their EC2 server.

I used the MobaXterm tool to run this scp command and download keystore.p12 from the server to local.

 

 

Step 5: Placing downloaded keystore.p12 in spring boot project

Now place keystore.p12 in your src/main/resources folder and set YOUR_SECRET_PASSWORD (the same password you entered when generating the keystore.p12 file) in your Spring Boot application.properties file:

server.port=8443
security.require-ssl=true
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=YOUR_SECRET_PASSWORD
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat
spring.datasource.hikari.maximum-pool-size=5

One comment

  • Vitalicus

    Can't convert pem to p12. I receive a bad certificate. “Could not parse invalid or corrupted data.”
