Securing the microservice with HTTPS
You can secure your microservice with HTTPS when you (re)start your microservice, either by supplying command-line parameters or by creating a separate application.yml file in which you specify parameters.
Procedure
- Access the machine on which the microservice is installed.
- If you do not yet have a valid HTTPS certificate, obtain one in the form of a .cer file.
- If you did not yet add your certificate to a keystore, and if you do not yet have a keystore in place, create one using the following command (on a single line):
keytool -genkey -alias ALIAS -keyalg RSA -keypass KEYSTOREPASSWORD -storepass TRUSTSTOREPASSWORD -keystore PATH/TO/KEYSTORE.jks
where:
- keytool is the Java keytool executable (found in %JAVA_HOME%\bin\)
- ALIAS is the alias you want to assign to this certificate
- KEYSTOREPASSWORD is the password you want to use to access the keystore
- TRUSTSTOREPASSWORD is the password you want to use to access the truststore
- PATH/TO/KEYSTORE.jks is the relative path to, and filename of, your keystore file
- Alternatively, if you did not yet add your certificate to a keystore, and if you already have a keystore in place, import the certificate into the keystore using the following command:
keytool -import -alias ALIAS -file PATH/TO/CERTIFICATE.CER -keystore PATH/TO/KEYSTORE.jks
where:
- ALIAS is the alias you want to assign to this certificate
- PATH/TO/CERTIFICATE.CER is the relative path to, and filename of, your certificate file
- PATH/TO/KEYSTORE.jks is the relative path to, and filename of, your existing keystore file
- Copy your (new or existing) keystore file to the configuration location of your microservice.
- If you want to pass your HTTPS configuration settings using a configuration file, create a new plain text file containing the following:
https:
  enabled: true
  port: PORTNUMBER
  keystore-path: PATH/TO/KEYSTORE.jks
  key-alias: ALIAS
  keystore-passwd: KEYSTOREPASSWORD
  truststore-passwd: TRUSTSTOREPASSWORD
where:
- PORTNUMBER is the port to use for HTTPS access (omit this line if you use the default port, 8084)
- PATH/TO/KEYSTORE.jks is the relative path to, and filename of, the keystore file (omit this line if you use the default location, config/keystore)
- ALIAS is the alias assigned to this certificate
- KEYSTOREPASSWORD is the keystore password
- TRUSTSTOREPASSWORD is the truststore password
- Save and close this file as application.yml in the root location of the microservice.
- If your microservice is currently running, stop it.
- Do one of the following:
If you have created an application.yml file, start the microservice.
If you have not created an application.yml file, start the microservice with the following command-line parameters:
--https.enabled=true --https.keystore-path=PATH/TO/KEYSTORE.jks --https.port=PORTNUMBER --https.key-alias=ALIAS --https.keystore-passwd=KEYSTOREPASSWORD --https.truststore-passwd=TRUSTSTOREPASSWORD
where:
- PATH/TO/KEYSTORE.jks is the relative path to, and filename of, the keystore file (omit this parameter if you use the default location, config/keystore)
- PORTNUMBER is the port to use for HTTPS access (omit this parameter if you use the default port, 8084)
- ALIAS is the key alias (omit this parameter if you use the default key alias, tomcat)
- KEYSTOREPASSWORD is the keystore password
- TRUSTSTOREPASSWORD is the truststore password
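Because application.yml holds the keystore and truststore passwords in plain text, the following added example (not vendor code) writes the file described in the procedure with owner-only permissions and checks it before the microservice is started. The environment variable names, the function names and the use of GNU stat are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code. Variable and function names are assumptions.

# Single-quote a value for YAML so characters such as '#' or ':' in a
# password are not parsed as syntax; embedded single quotes are doubled.
yaml_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# write_https_config DIR
# Reads HTTPS_PORT, KEYSTORE_PATH, KEY_ALIAS, KEYSTORE_PASSWD and
# TRUSTSTORE_PASSWD from the environment and writes DIR/application.yml.
write_https_config() {
    dir=$1
    if [ -z "${KEYSTORE_PASSWD:-}" ] || [ -z "${TRUSTSTORE_PASSWD:-}" ]; then
        echo "KEYSTORE_PASSWD and TRUSTSTORE_PASSWD must be set" >&2
        return 1
    fi
    rm -f "$dir/application.yml"    # recreate, so the umask below applies
    (
        umask 077    # a newly created file gets no group/other access
        {
            echo "https:"
            echo "  enabled: true"
            printf '  port: %s\n' "${HTTPS_PORT:-8084}"
            printf '  keystore-path: %s\n' "${KEYSTORE_PATH:-config/keystore}"
            printf '  key-alias: %s\n' "${KEY_ALIAS:-tomcat}"
            printf '  keystore-passwd: %s\n' "$(yaml_quote "$KEYSTORE_PASSWD")"
            printf '  truststore-passwd: %s\n' "$(yaml_quote "$TRUSTSTORE_PASSWD")"
        } > "$dir/application.yml"
    )
}

# check_https_config FILE
# Returns 0 if FILE is private and complete, 1 if missing, 2 if group or
# others have any access, 3 if a required https key is absent.
check_https_config() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    mode=$(stat -c %a "$file") || return 1    # GNU stat
    case $mode in
        *00) ;;
        *) echo "$file has mode $mode; expected 600" >&2; return 2 ;;
    esac
    for key in enabled keystore-passwd truststore-passwd; do
        grep -Eq "^  $key: ." "$file" ||
            { echo "https.$key not set in $file" >&2; return 3; }
    done
}
```

Run write_https_config against the root location of the microservice from the account that runs the service, then run check_https_config on the resulting file before starting it.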