how to make web application accessible from https in java


Solution 1

You will need an SSL certificate to serve an SSL application. The issue with an SSL certificate is that it needs to be trusted by the browser, so if you are having people use the application you need to get a real SSL certificate from a certificate provider, like GoDaddy or many others. For testing purposes you can make a "self-signed" certificate which can be used, but the client using the browser will get warnings indicating problems with the certificate.

There is no way to get a real SSL certificate for free.

I trust from this answer you can make the appropriate Google queries to get you on your way.

Solution 2

You need an SSL certificate approved by a CA (certificate authority) so your clients will not get a warning in their browsers when they use your webapp. For such a certificate to be obtained, you generally have to pay some money to the CA. However, for testing purposes you can use a self-signed certificate.

You can generate a self-signed certificate and put it on your server. Later you can replace it with a real certificate. If you already have the real certificate, just skip to step 2 of my answer. The methods for generating a self-signed certificate differ but basically you have to do the following (abstraction):

1. Generate a self-signed certificate:

You can use numerous tools and programs for that but somehow I find the most popular ways to generate a self-signed certificate are:

a) Java's keytool - http://docs.oracle.com/javase/1.4.2/docs/tooldocs/windows/keytool.html

b) openssl - http://www.sslshopper.com/article-most-common-openssl-commands.html

Both methods are absolutely equivalent and it is a matter of preference which one you use (I use openssl).

2. Put this certificate in your servlet container/application server.

There are many servlet containers and application servers and the instructions for putting the certificate there vary even between different versions of the servers/containers and chosen configuration. Below I will list the ones I believe are most popular with youth nowadays...

a) tomcat 7 - http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

b) glassfish - http://artur.ejsmont.org/blog/content/how-to-generate-self-signed-ssl-certificate-for-glassfish-v3-and-import-it-into-java-keyring

c) jbossWeb (Servlet Container) - http://docs.jboss.org/jbossweb/3.0.x/ssl-howto.html

Solution 3

I realise this is a very old thread, but nowadays you can get free certificates from a CA (Certificate Authority) called Let's Encrypt. Obtaining a certificate is quite easy using Certbot, an ACME (Automatic Certificate Management Environment) protocol client: https://certbot.eff.org/. The client requires root access on your server.

1) Install Certbot using the certbot-auto script

wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto --help

2) Fetch a license using either the standalone plugin or the webroot plugin. Standalone opens a small server on port 80 or 443, so either port must be free. Webroot uses an existing running server. With standalone, run the command

./certbot-auto certonly --standalone --standalone-supported-challenges http-01 -d yourdomain.com

With both the webroot plugin and the standalone plugin, with the certonly option certbot will fetch a certificate and store it to /etc/letsencrypt/live/.

3) Certificates from Let's Encrypt are short lived (only 90 days), so remember to renew them:

./certbot-auto renew

4) After you have your certificate, you need to convert it to PKCS12 format and store it to Java keystore.

openssl pkcs12 -export -in /etc/letsencrypt/live/yourdomain.com/fullchain.pem -inkey /etc/letsencrypt/live/yourdomain.com/privkey.pem -out /etc/letsencrypt/live/yourdomain.com/pkcs.p12 -name mytlskeyalias -passout pass:mykeypassword

keytool -keystore /path/to/my/keystore -delete -alias 'mytlskeyalias' -storepass 'mystorepassword'

keytool -importkeystore -deststorepass mystorepassword -destkeypass mykeypassword -destkeystore /path/to/my/keystore -srckeystore /etc/letsencrypt/live/yourdomain.com/pkcs.p12 -srcstoretype PKCS12 -srcstorepass mykeypassword -alias mytlskeyalias

All steps are described in more detail in https://vaadin.com/blog/-/blogs/enabling-https-in-your-java-server-using-a-free-certificate

Then follow Nikola Yovchev's links for specific Servlet Containers to enable SSL/TLS.
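
The PKCS12 conversion from step 4 and the 90-day expiry from step 3, as an added example that is not part of the original answers: it builds a throwaway self-signed certificate with openssl, exports it to PKCS12 with the password read from a file instead of `pass:` on the command line, then verifies the bundle and its remaining validity. The domain `example.test`, the password, the temporary directory and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example. Domain, password and paths are constructed placeholders.
set -eu
DOMAIN="example.test"
ALIAS="mytlskeyalias"   # alias name used in step 4 above

# Throwaway self-signed key and certificate, standing in for
# /etc/letsencrypt/live/<domain>/privkey.pem and fullchain.pem.
make_test_cert() {  # $1 = output directory, $2 = validity in days
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=$DOMAIN" -addext "subjectAltName=DNS:$DOMAIN" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
    chmod 600 "$1/privkey.pem"
}

# Bundle key and chain into PKCS12. The password comes from a file, so it
# never shows up in the process list or in shell history.
export_p12() {  # $1 = directory, $2 = password file
    ( umask 077
      openssl pkcs12 -export -in "$1/fullchain.pem" -inkey "$1/privkey.pem" \
          -name "$ALIAS" -out "$1/pkcs.p12" -passout "file:$2" )
}

# Print the subject of the certificate stored inside the PKCS12 file.
p12_subject() {  # $1 = PKCS12 file, $2 = password file
    openssl pkcs12 -in "$1" -passin "file:$2" -nokeys 2>/dev/null |
        openssl x509 -noout -subject
}

# Succeed only if the certificate is still valid $2 days from now.
valid_for_days() {  # $1 = PEM certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Demo run in a temporary directory.
work=$(mktemp -d)
( umask 077; printf '%s\n' 'constructed-demo-password' > "$work/pw" )
make_test_cert "$work" 90
export_p12 "$work" "$work/pw"
p12_subject "$work/pkcs.p12" "$work/pw"
valid_for_days "$work/fullchain.pem" 30 || echo "renew within 30 days"
rm -rf "$work"
```

Run from cron against the real fullchain.pem, `valid_for_days` gives a simple alarm for a renewal that silently stopped working.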

Author by

sudo

Updated on June 04, 2022

Comments

  • sudo
    sudo almost 2 years

    I want to make the web application accessible from https in Java. I am a newbie in this field. I have read on some blog that it can be done by producing some sort of certificate to prove identity. Is there any site that provides free certificates? Is there any blog or site I can refer to?

    Thanks

  • Cratylus
    Cratylus over 12 years
    @Francis: I don't agree with the way you phrase your answer. In the end, what is a real SSL certificate? If you create a self-signed SSL certificate and you configure it as trusted, then what is it that makes it not real, as you phrase it? It is a matter of who you trust and who is the authority that verifies you, but IMHO the term real is not a good one.
  • T G
    T G about 5 years
    Regarding step 4: it worked as is for me on one system. On another, I would get errors "javax.crypto.BadPaddingException: Given final block not properly padded". But since keytool was also saying "jks format proprietary - use pkcs12" as a warning, I tried just skipping the keytool -importkeystore step, and used the pkcs.p12 file produced by openssl, and that worked just fine! (That approach might not work if you need to work with more than one certificate, though.)