SSL endpoint in a standalone SpringBoot application

Published on Mar 20 2025 in Java SpringBoot

To configure HTTPS in a Spring Boot standalone application, you can specify the HTTPS port and SSL certificate settings in your application.properties or application.yml file. Here’s how you can do it:

1. Using `application.properties`:

You can specify the HTTPS port, certificate, and key in the application.properties file like this:

# Specify the HTTP port (already set)
server.port=8080

# Enable HTTPS and set the port
server.ssl.enabled=true
server.ssl.key-store=classpath:keystore.p12  # Path to the keystore
server.ssl.key-store-password=changeit
server.ssl.key-store-type=PKCS12           # Keystore type (can be JKS or PKCS12)
server.ssl.key-alias=mykey                # Alias of the key in the keystore

# Optionally, specify the HTTPS port (default is 8443)
server.ssl.port=8443

server.ssl.enabled=true enables SSL (HTTPS).
server.ssl.key-store specifies the path to the keystore file that contains the SSL certificate.
server.ssl.key-store-password is the password for the keystore.
server.ssl.key-store-type can be either JKS or PKCS12.
server.ssl.key-alias is the alias of the key in the keystore.
server.ssl.port is the HTTPS port (optional, defaults to 8443).

2. Using `application.yml`:

If you’re using application.yml, the configuration would look like this:

server:
  port: 11000  # HTTP port
  ssl:
    enabled: true
    key-store: classpath:keystore.p12
    key-store-password: your_keystore_password
    key-store-type: PKCS12
    key-alias: mykey
    port: 8443  # HTTPS port

3. Using Command Line Arguments:

If you want to specify these settings via command-line arguments when running the application, you can do it like this:

java $JAVA_OPTS -jar your-app.jar --server.port=8080 --server.ssl.enabled=true \
--server.ssl.key-store=classpath:keystore.p12 --server.ssl.key-store-password=changeit \
--server.ssl.key-store-type=PKCS12 --server.ssl.key-alias=mykey --server.ssl.port=8443

4. Creating a Keystore:

If you don’t have a keystore yet, you can generate one using the following keytool command (provided by Java):

keytool -genkeypair -v -keystore keystore.p12 -keyalg RSA -keysize 2048 -storetype PKCS12 -validity 3650 -alias mykey

This will generate a keystore.p12 file that contains the certificate and key, and you’ll be able to use it in your application.

To build a keystore from a PEM certificate chain and reslated private key see Build Java keystore using PEM certificate chain and key

After setting up these configurations, your Spring Boot application will serve both HTTP and HTTPS on the specified ports.

Articles