Set custom trust store using JDK11


I want to use a custom trust store that I keep in the repository of my Spring Boot project.

  • I do not want to mess with cacerts that comes with the JDK installed.
  • I do not want to move files in the JDK installation folder to do my deployment.
  • I would prefer to not program any code, only configuration properties or parameters.

I have tried so many properties and configurations, but it seems that Java keeps trying to use the cacerts file in its installation folder, $JAVA_HOME/lib/security/cacerts, ignoring my configuration.

I have read many different posts (1, 2, 3) and tried many of the methods they describe but they do not work for me.

Does anybody know what the magic words are in order to use the trust store that is in a path different from the default?

If somebody thinks this is a bad idea, I would like to know why and what is actually the correct way of solving my problem.

My project consists of two apps:

  • A Spring Boot application which contains the business logic
  • An application that behaves as the central authenticator.

I need HTTPS in both of them and also they must trust each other since they need to communicate to perform the authentication.

I would like to configure the application to use a trust store that is saved in the repository so that the application works out of the box. That way its deployment should be easier and there would be no need to mess with the file system or trust stores each time we need to do the deployment.

Thank you so much for your help and knowledge in advance.

There is 1 answer

Ferhat C

To configure a custom trust store for your Spring Boot project without modifying the JDK's cacerts file, you can use the following approach. This involves specifying the trust store location and password through application properties.

Place the Trust Store in Your Project: Place your custom trust store file (e.g., custom-truststore.jks) in a location within your project. Let's assume it's in the src/main/resources directory.

Update Your application.properties or application.yml file: Add the following properties to your application.properties or application.yml file:

server.ssl.trust-store=classpath:custom-truststore.jks
server.ssl.trust-store-password=your-trust-store-password

Make sure to replace your-trust-store-password with the actual password for your trust store.

Configure SSL for Your Spring Boot Application: Ensure that you have the necessary SSL configuration in your application.properties or application.yml for both of your Spring Boot applications. For example:

server.ssl.enabled=true
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=your-key-store-password
server.ssl.key-store-type=PKCS12

Adjust these settings based on your specific SSL requirements.

Repeat for the Other Spring Boot Application: Repeat the same configuration for the second Spring Boot application, making sure to use the same trust store and password if they need to trust each other.
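
An added diagnostic, not part of the answer above or of Spring Boot (the class name, path, password, host and port are placeholders): the `server.ssl.*` properties configure the embedded server's TLS listener, while outbound connections made through the JVM's default `SSLContext` read the `javax.net.ssl.trustStore*` system properties. The class below prints which store those properties resolve to, lists its certificates, and optionally handshakes with the peer application.

```java
// Added example. Run with the same -D flags as the application, e.g. (placeholder values):
//   java -Djavax.net.ssl.trustStore=config/custom-truststore.jks \
//        -Djavax.net.ssl.trustStorePassword=<password> TrustStoreCheck.java auth.example.internal 8443
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class TrustStoreCheck {   // hypothetical class name
    public static void main(String[] args) throws Exception {
        // System properties JSSE consults when it builds the default SSLContext.
        String path = System.getProperty("javax.net.ssl.trustStore");
        String pass = System.getProperty("javax.net.ssl.trustStorePassword");
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        if (path == null) {
            // Property unset: the JDK falls back to its bundled store (jssecacerts if present, else cacerts).
            path = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts").toString();
            System.out.println("javax.net.ssl.trustStore is not set; JDK default store is in effect");
        }
        System.out.println("Trust store: " + path + " (type " + type + ")");

        // A null password loads the store without the integrity check.
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, pass == null ? null : pass.toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.getCertificate(alias) instanceof X509Certificate) {
                X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                System.out.println("  " + alias + " -> " + c.getSubjectX500Principal().getName()
                        + ", expires " + c.getNotAfter());
            }
        }

        // Optional: handshake with the peer application through the default context.
        if (args.length == 2) {
            SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
            try (SSLSocket s = (SSLSocket) f.createSocket(args[0], Integer.parseInt(args[1]))) {
                SSLParameters p = s.getSSLParameters();
                p.setEndpointIdentificationAlgorithm("HTTPS");   // also verify the host name
                s.setSSLParameters(p);
                s.startHandshake();   // throws SSLHandshakeException if the peer is not trusted
                System.out.println("Handshake OK with " + args[0] + ":" + args[1]);
            }
        }
    }
}
```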