A step-by-step guide to building a containerized Spring Boot application that secures application-level data transport with a self-signed certificate
Hi all, let me share my experience of enabling HTTPS (TLS) for a Spring Boot application from scratch in a development environment.
What do we mean by SSL and TLS?
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols that encrypt and authenticate the connection between a client such as a web browser and a web server. SSL is the now-deprecated ancestor of TLS; every current browser and server speaks TLS, although the term "SSL certificate" has stuck for the X.509 certificate the server presents during the handshake.
What do we mean by a self-signed SSL certificate and a Certificate Authority (CA) signed SSL certificate?
A self-signed certificate is signed with its own private key rather than by a Certificate Authority. It is easy to create and costs nothing, which makes it a good fit for non-production environments where you want to exercise an HTTPS endpoint. It is not recommended for production because no trusted third party vouches for the server's identity: browsers and HTTP clients cannot validate it and will show a warning or refuse the connection unless the certificate is explicitly trusted.
A CA-signed certificate is issued by a Certificate Authority whose root certificate clients already trust, so clients can validate the certificate chain without warnings. It is the standard for a production environment and usually involves a cost or an enrolment process with the CA.
Let's take a Spring Boot application and enable SSL, i.e. HTTPS.
As this is a sample, I will not use a CA-signed certificate but a self-signed one.
How to create a self-signed certificate?
In this example I use the JDK's keytool to generate a self-signed certificate in a PKCS12 keystore. I am on a Windows machine; I opened a terminal and ran this command:
keytool -genkeypair -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore key-cert-mousumi.p12 -validity 365
- genkeypair (generates a key pair and a self-signed certificate for it)
- keyalg (algorithm of the key pair; RSA here)
- keysize (size of the key in bits)
- storetype (keystore format; PKCS12 is the default since JDK 9)
- keystore (the file that stores private keys, certificates and symmetric keys)
- validity (number of days the certificate is valid)
Once you run this command, keytool prompts for a keystore password and then for the fields of the certificate's distinguished name (name, organizational unit, organization, city, state and country), as shown in the screen below. Since no -alias is given, the key is stored under keytool's default alias, mykey.
For more information on the PKCS12 format you can refer to this link: https://en.wikipedia.org/wiki/PKCS_12
Once the command completes, the keystore file key-cert-mousumi.p12 is created in the current folder, as shown in the screen below.
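As an added example (not from the original post), here is the same keytool step scripted so that it runs non-interactively and produces a certificate that carries a Subject Alternative Name for localhost, which modern browsers require for the hostname check (they ignore the CN). The alias dev-app, the distinguished name and the environment variable KEYSTORE_PASSWORD are assumptions for the example; the original command above takes its DN and password from the interactive prompts and uses keytool's default alias.

```shell
# Added example, not from the original post: non-interactive keystore generation.
# Assumptions: alias "dev-app", the DN below, and the password supplied through
# the KEYSTORE_PASSWORD environment variable (keytool's -storepass:env reads it,
# so the password never appears on the command line or in the shell history).
set -eu

# gen_keystore DIR FILE ALIAS -> creates DIR/FILE (PKCS12) with a 2048-bit RSA
# key and a self-signed certificate valid for 365 days. The SAN extension is
# what browsers and curl match against the URL; the CN alone is not enough.
gen_keystore() {
  keytool -genkeypair \
    -alias "$3" \
    -keyalg RSA -keysize 2048 \
    -storetype PKCS12 \
    -keystore "$1/$2" \
    -storepass:env KEYSTORE_PASSWORD \
    -keypass:env KEYSTORE_PASSWORD \
    -validity 365 \
    -dname "CN=localhost, OU=Dev, O=Example, C=US" \
    -ext "SAN=dns:localhost,ip:127.0.0.1" \
    >/dev/null 2>&1
}

# has_alias KEYSTORE ALIAS -> exit 0 if the keystore opens with the current
# password and contains ALIAS; non-zero on a wrong password or missing alias.
has_alias() {
  keytool -list -keystore "$1" -storepass:env KEYSTORE_PASSWORD -alias "$2" \
    >/dev/null 2>&1
}

# show_cert KEYSTORE -> prints subject, SAN, validity and fingerprints for review.
show_cert() {
  keytool -list -v -keystore "$1" -storepass:env KEYSTORE_PASSWORD
}

# export_cert KEYSTORE ALIAS OUT.pem -> writes the public certificate as PEM so a
# client can trust it explicitly instead of disabling verification (curl -k).
export_cert() {
  keytool -exportcert -rfc -alias "$2" -keystore "$1" \
    -storepass:env KEYSTORE_PASSWORD -file "$3" >/dev/null 2>&1
}

# Demo run (skipped when no JDK is on PATH). Writes into OUT_DIR or the cwd.
if command -v keytool >/dev/null 2>&1; then
  out="${OUT_DIR:-.}"
  export KEYSTORE_PASSWORD="${KEYSTORE_PASSWORD:-changeit-dev}"   # dev-only value
  [ -f "$out/key-cert-mousumi.p12" ] || gen_keystore "$out" key-cert-mousumi.p12 dev-app
  has_alias "$out/key-cert-mousumi.p12" dev-app && echo "keystore ok"
  export_cert "$out/key-cert-mousumi.p12" dev-app "$out/dev-app.pem"
  show_cert "$out/key-cert-mousumi.p12" | grep -E 'Alias|Owner|DNSName|IPAddress|until'
fi
```

The exported dev-app.pem is what you hand to curl (curl --cacert dev-app.pem https://localhost:8443/) or import into a browser's trust store, so that the TLS check actually runs during testing instead of being switched off.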
Next, I will create a simple Spring Boot application using Gradle.
I have created a Spring Boot application and configured the build.gradle file with the minimal set of Spring Boot dependencies.
Below is my build.gradle file.
Now, I will create the main Spring Boot class as shown below.
Next, we need to add the keystore file (key-cert-mousumi.p12) that holds the self-signed certificate under the resources folder, as shown in the screen below.
Next, we need to add the SSL details (the server.ssl.* properties: keystore location, type, password and the HTTPS port) to the application.properties file.
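An added example of what that application.properties can contain, written as a small shell helper (it is not the post's own file). The first function writes the HTTPS settings with the keystore password taken from an environment variable; the second rejects a properties file that carries a literal password, which is the usual mistake when the file is committed to git or copied into an image. The keystore name follows the keytool command above; the alias dev-app, the variable name KEYSTORE_PASSWORD and the port 8443 (the port in the post's URL) are assumptions.

```shell
# Added example, not from the original post. Assumptions: alias "dev-app",
# password supplied via the KEYSTORE_PASSWORD environment variable (Spring Boot
# resolves ${KEYSTORE_PASSWORD} placeholders against the process environment).
set -eu

# write_ssl_properties OUT KEYSTORE ALIAS -> writes the server.ssl.* settings.
# The keystore is read from the classpath because the post stores it under
# src/main/resources; use file:/path/to/store.p12 for a mounted keystore.
write_ssl_properties() {
  cat > "$1" <<EOF
server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:$2
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=$3
# Resolved from the environment at startup; never a literal value here.
server.ssl.key-store-password=\${KEYSTORE_PASSWORD}
# Pin the protocol versions instead of inheriting whatever the JDK enables.
server.ssl.enabled-protocols=TLSv1.2,TLSv1.3
EOF
}

# check_ssl_properties FILE -> exit 0 if the password is a ${...} placeholder
# and the keystore type is PKCS12; exit 1 if the password is literal or missing.
check_ssl_properties() {
  pw=$(sed -n 's/^server\.ssl\.key-store-password=//p' "$1")
  case "$pw" in
    '${'*'}') ;;   # placeholder, resolved at runtime
    *) echo "literal or missing keystore password in $1" >&2; return 1 ;;
  esac
  grep -q '^server\.ssl\.key-store-type=PKCS12$' "$1"
}

# Demo: write the file into OUT_DIR (or the cwd) and lint it.
out="${OUT_DIR:-.}"
write_ssl_properties "$out/application.properties" key-cert-mousumi.p12 dev-app
check_ssl_properties "$out/application.properties" && echo "application.properties ok"
```

Start the application with the variable set (for example KEYSTORE_PASSWORD=... ./gradlew bootRun) and it will open port 8443 with the keystore from the classpath; run check_ssl_properties in CI so a hard-coded password never reaches the repository.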
With that, the Spring Boot application serves HTTPS.
To test it, start the application and open https://localhost:8443/ in the browser. Because the certificate is self-signed, the browser warns that it cannot verify the certificate; for localhost in a development environment you can proceed past that warning. Below is the screen.
Now that the application is running over TLS, we can build a container image for it.
Note: if you build the image manually with the docker build command, always build the latest jar first so that all your changes are reflected in the container.
For this we create a Dockerfile, as shown in the screen below.
Then we build the image with the docker build command, as shown in the screen below.
Next we list the image with the docker images command, as shown in the screen below.
(On Windows, docker build ends with a "SECURITY WARNING" about the file permissions of the build context on a Linux host; it does not concern TLS and can be ignored for this sample.)
Next we run the image with the docker run command, as shown in the screen below.
Next we check whether the container is up and running with the docker ps command, as shown in the screen below.
Finally, we check the container logs with the docker logs command to make sure the Spring Boot application has started, as shown in the screen below.
The last line in the screen above clearly indicates that the application is up and running.
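The Dockerfile and the docker commands the screenshots refer to, reconstructed as an added example (not the post's own files): the image runs the jar as a non-root user, the keystore password reaches the container through -e at run time rather than being baked into the image with ENV, and a small check catches both mistakes. The jar path build/libs/app.jar, the base image eclipse-temurin:17-jre, the image and container name spring-boot-ssl and the variable KEYSTORE_PASSWORD are assumptions; adjust them to your build.

```shell
# Added example, not from the original post. Assumptions: the Gradle build
# produces build/libs/app.jar, the base image eclipse-temurin:17-jre, the image
# and container name spring-boot-ssl, and the password variable KEYSTORE_PASSWORD.
set -eu

# write_dockerfile OUT JAR -> Dockerfile that copies the boot jar and runs it as
# an unprivileged user. No ENV/ARG for the password: anything set that way is
# stored in the image metadata and visible with `docker history` / `docker inspect`.
write_dockerfile() {
  cat > "$1" <<EOF
FROM eclipse-temurin:17-jre
RUN useradd --system --uid 10001 --no-create-home app
WORKDIR /app
COPY $2 /app/app.jar
USER app
EXPOSE 8443
ENTRYPOINT ["java", "-jar", "/app/app.jar"]
EOF
}

# check_dockerfile FILE -> 0 if it drops root and bakes no password; 1 otherwise.
check_dockerfile() {
  if grep -Eiq '^(ENV|ARG)[[:space:]]+[A-Z_]*PASS' "$1"; then
    echo "password baked into the image via ENV/ARG in $1" >&2
    return 1
  fi
  if ! grep -q '^USER ' "$1"; then
    echo "no USER line in $1; the container would run as root" >&2
    return 1
  fi
}

# run_container IMAGE -> build, start, and show status and logs. The password is
# injected with -e at run time only; it is still readable via `docker inspect`
# on the host, which is acceptable for a local development container.
run_container() {
  docker build -t "$1" .
  docker run -d --name "$1" -p 8443:8443 \
    -e KEYSTORE_PASSWORD="${KEYSTORE_PASSWORD:?set KEYSTORE_PASSWORD first}" "$1"
  docker ps --filter "name=$1"
  docker logs "$1"
}

# Demo: write and lint the Dockerfile; build and run only if docker and the jar exist.
out="${OUT_DIR:-.}"
write_dockerfile "$out/Dockerfile" build/libs/app.jar
check_dockerfile "$out/Dockerfile" && echo "Dockerfile ok"
if command -v docker >/dev/null 2>&1 && [ -f build/libs/app.jar ]; then
  run_container spring-boot-ssl
fi
```

Once docker logs shows the "Started ..." line, verify the endpoint with the certificate exported from the keystore (keytool -exportcert -rfc) instead of curl -k: curl --cacert dev-app.pem https://localhost:8443/ succeeds only if the container really presents that certificate with a SAN matching localhost.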
For detailed information on Docker image creation, you can check my other story.
Now that we are sure the application is running, we open the same URL, https://localhost:8443/, in the web browser.
Below is the screen of the web browser; it indicates that the container for the given image is running successfully.
This is how you can create a secure Spring Boot application using a self-signed SSL certificate.
Though self-signed SSL certificates are not the standard for a production environment, they are a great choice if you want to test the application in a local development environment.
Hope this helps my fellow developers.
I personally feel that creating a secured application in the development environment itself helps a lot: if you are building an application that is not yet production ready, it still needs to be integrated with other secured applications and has to handle CORS. Please share your feedback, whoever reads this content; it encourages me.
GitHub link: https://github.com/mousumi8/spring-boot/tree/master
References: https://docs.oracle.com/javase/9/tools/keytool.htm , https://en.wikipedia.org/wiki/PKCS_12 , https://spring.io/, https://www.docker.com/