Spring Cloud Config on HTTPS using Eureka
A short tutorial on how to configure Spring Cloud Config Server to work over HTTPS and how to configure a microservice to read from it over HTTPS. Since I am using Eureka, I've included that part of the configuration as well.
First of all, this is done locally, so for development purposes we have to create an SSL certificate. I am using Windows and will generate my certificate in C:\certs using keytool from the JDK. To do this, we execute the following command:
keytool -genkeypair -alias configdev -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore configdev.p12 -validity 3650
After this is executed, we have to fill in some information, including a password. The important thing is to set the name (the certificate's common name) to localhost if you are using this certificate locally.
Once the keystore is created, we need to export a certificate file from our p12 file. We use this command for that:
keytool -keystore configdev.p12 -storetype pkcs12 -exportcert -file configdev.crt -rfc -alias configdev
Then we have to add this certificate to our JDK, the same JDK that the project uses:
keytool -import -alias configdev -keystore "C:\Program Files\Java\jre1.8.0_231\jre\lib\security\cacerts" -file "C:\certs\configdev.crt"
Now we can configure our Spring Cloud Config project. We have to edit the application.properties file and add the following lines to tell our project to start on HTTPS instead of HTTP:
server.ssl.enabled=true
server.ssl.key-store-type=PKCS12
server.ssl.key-store=C:/certs/configdev.p12
server.ssl.key-store-password=pass
server.ssl.key-alias=configdev
If you are using Eureka like I do, you need to add the following lines to tell Eureka that this project uses HTTPS, not HTTP:
eureka.instance.non-secure-port-enabled=false
eureka.instance.secure-port-enabled=true
eureka.instance.statusPageUrl=https://${eureka.instance.hostName}:${server.port}/info
eureka.instance.healthCheckUrl=https://${eureka.instance.hostName}:${server.port}/health
eureka.instance.homePageUrl=https://${eureka.instance.hostName}:${server.port}/
The final part is to set up the microservice that uses Spring Cloud Config. We need to edit bootstrap.properties for that project and add the following lines:
trust.store=C:/certs/configdev.p12
trust.store.password=pass
That’s it :)
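The check below is an added example, not code from the original tutorial. It is a small Java program that opens the store named in trust.store and reports, for each alias, the certificate subject, the expiry date, and whether the entry also carries the private key. The class name TrustStoreCheck is an assumption; the default path and password are the values used above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (not from the tutorial): inspect the store a client would
// load through trust.store before handing that file out.
public class TrustStoreCheck {

    // Summarises one alias: subject, expiry, and whether a private key is present.
    static String describe(KeyStore ks, String alias) throws Exception {
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        if (cert == null) {
            return "alias:     " + alias + " (no certificate)\n";
        }
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        String subject = cert.getSubjectX500Principal().getName();
        StringBuilder out = new StringBuilder();
        out.append("alias:     ").append(alias).append('\n');
        out.append("subject:   ").append(subject).append('\n');
        out.append("not after: ").append(cert.getNotAfter()).append('\n');
        // keytool -genkeypair stores a key entry: private key plus certificate.
        // keytool -import of a .crt stores a certificate-only (trusted) entry.
        if (ks.isKeyEntry(alias)) {
            out.append("WARNING: entry holds the server's private key; ")
               .append("a client only needs the certificate\n");
        }
        // The tutorial sets the name to localhost for local use.
        if (!subject.contains("CN=localhost")) {
            out.append("NOTE: subject is not CN=localhost\n");
        }
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the values used on this page; pass path and password to override.
        String path = args.length > 0 ? args[0] : "C:/certs/configdev.p12";
        char[] password = (args.length > 1 ? args[1] : "pass").toCharArray();

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            System.out.print(describe(ks, alias));
        }
    }
}
```

Run against C:\certs\configdev.p12 it prints the warning, because keytool -genkeypair wrote the private key into that file. A store built by importing only configdev.crt shows a certificate-only entry.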