Securing the microservice with HTTPS

You can secure your microservice with HTTPS when you (re)start your microservice, either by supplying command-line parameters or by creating a separate application.yml file in which you specify parameters.

Procedure

  1. Access the machine on which the microservice is installed.
  2. If you do not yet have a valid HTTPS certificate, obtain one in the form of a .cer file.
  3. If you have not yet added your certificate to a keystore and do not yet have a keystore in place, create one using the following command (on a single line):
    keytool -genkey -alias ALIAS -keyalg RSA -keypass KEYSTOREPASSWORD 
      -storepass TRUSTSTOREPASSWORD -keystore PATH/TO/KEYSTORE.jks
    where:
    • keytool is the Java keytool executable (found in %JAVA_HOME%\bin\)
    • ALIAS is the alias you want to assign to this certificate
    • KEYSTOREPASSWORD is the password you want to use to access the keystore
    • TRUSTSTOREPASSWORD is the password you want to use to access the truststore
    • PATH/TO/KEYSTORE.jks is the relative path to, and filename of, your keystore file
  4. Alternatively, if you have not yet added your certificate to a keystore but already have a keystore in place, import the certificate into the keystore using the following command:
    keytool -import -alias ALIAS -file PATH/TO/CERTIFICATE.CER -keystore PATH/TO/KEYSTORE.jks
    where:
    • ALIAS is the alias you want to assign to this certificate
    • PATH/TO/CERTIFICATE.CER is the relative path to, and filename of, your certificate file
    • PATH/TO/KEYSTORE.jks is the relative path to, and filename of, your existing keystore file
  5. Copy your (new or existing) keystore file to the configuration location of your microservice.
  6. If you want to pass your HTTPS configuration settings using a configuration file, create a new plain text file containing the following:
    https:
      enabled: true
      port: PORTNUMBER
      keystore-path: PATH/TO/KEYSTORE.jks
      key-alias: ALIAS
      keystore-passwd: KEYSTOREPASSWORD
      truststore-passwd: TRUSTSTOREPASSWORD
    where:
    • PORTNUMBER is the port to use for HTTPS access (omit this line if you use the default port, 8084)
    • PATH/TO/KEYSTORE.jks is the relative path to, and filename of, the keystore file (omit this line if you use the default location, config/keystore)
    • ALIAS is the alias assigned to this certificate
    • KEYSTOREPASSWORD is the keystore password
    • TRUSTSTOREPASSWORD is the truststore password
  7. Save and close this file as application.yml in the root location of the microservice.
  8. If your microservice is currently running, stop it.
  9. Do one of the following:
    • If you have created an application.yml file, start the microservice.

    • If you have not created an application.yml file, start the microservice with the following command-line parameters:

      --https.enabled=true
        --https.keystore-path=PATH/TO/KEYSTORE.jks
        --https.port=PORTNUMBER
        --https.key-alias=ALIAS
        --https.keystore-passwd=KEYSTOREPASSWORD
        --https.truststore-passwd=TRUSTSTOREPASSWORD
      where:
      • PATH/TO/KEYSTORE.jks is the relative path to, and filename of, the keystore file (omit this line if you use the default location, config/keystore)
      • PORTNUMBER is the port to use for HTTPS access (omit this line if you use the default port, 8084)
      • ALIAS is the key alias (omit this line if you use the default key alias, tomcat)
      • KEYSTOREPASSWORD is the keystore password
      • TRUSTSTOREPASSWORD is the truststore password
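
A pre-start check for the application.yml from steps 6 and 7, added here as an example and not part of the product or its documentation: it reads the https block, applies the defaults named above, and reports missing settings or a missing keystore. The function names, the small line-based reader (enough for this flat block, not a general YAML parser) and the POSIX file-permission check are assumptions of this example.

```python
import os
import stat

# Defaults stated in the procedure; used when a line is omitted from the file.
DEFAULTS = {"port": "8084", "keystore-path": "config/keystore", "key-alias": "tomcat"}
REQUIRED = ("keystore-passwd", "truststore-passwd")


def read_https_block(path):
    """Return the key/value pairs indented under the top-level 'https:' key."""
    settings, inside = {}, False
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.rstrip()
            if not line.strip() or line.lstrip().startswith("#"):
                continue                      # skip blank lines and full-line comments
            if not line[0].isspace():         # a top-level key starts or ends the block
                inside = line.strip() == "https:"
            elif inside and ":" in line:
                key, _, value = line.strip().partition(":")
                settings[key.strip()] = value.strip().strip("'\"")
    return settings


def check_https_config(yml_path, base_dir="."):
    """Return a list of problems found; an empty list means the checks passed."""
    problems = []
    https = {**DEFAULTS, **read_https_block(yml_path)}
    if https.get("enabled", "").lower() != "true":
        problems.append("https.enabled is not true")
    if not (https["port"].isdigit() and 1 <= int(https["port"]) <= 65535):
        problems.append("https.port is not a valid TCP port")
    for key in REQUIRED:
        if not https.get(key):
            problems.append(f"https.{key} is missing or empty")
    keystore = os.path.join(base_dir, https["keystore-path"])
    if not os.path.isfile(keystore):
        problems.append(f"keystore not found: {https['keystore-path']}")
    # Added hardening check (assumption of this example, not from the page):
    # application.yml holds the passwords in clear text and the keystore holds
    # the private key, so on a POSIX host neither should be group/other accessible.
    for path in (yml_path, keystore):
        if os.path.isfile(path) and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            problems.append(f"{path} is accessible to group/other")
    return problems
```

Call check_https_config("application.yml", base_dir) from the microservice root before step 9; the permission check only has meaning on POSIX file systems.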