
Configure Spring Boot’s with custom SSLContext programmatically (for mTLS)

Problem

Programmatically configure Spring Boot’s to use my custom SSLContext, and use it for mTLS.

Context

Spring’s documentation provides only one clear way to configure SSL (via application.properties):


However, this solution lacks depth, as there are scenarios where I’d like to take advantage of customizing my own SSLContext. For example, configuring mTLS to trust not only a single certificate generated via keytool, but to trust both my self-signed certificate and the ones placed within Java’s default TrustStore (lib/security/cacerts).

Of course, I could combine them using the already mentioned keytool, but I’m looking for a more flexible approach, hence providing my own SSLContext.

Spring provides a section on Configure the Web Server, which says to use either something like TomcatServletWebServerFactory or ConfigurableServletWebServerFactory, but they do not really go into depth.

I’ve tried creating a Component:


But to no avail.


Answer

This is unfortunately not possible with Spring Boot + Tomcat. It does not have an option to inject an SSLContext, or other properties such as SSLServerSocketFactory, TrustManager or KeyManager.

However, if you still want to use Spring Boot and want to configure it fully, and if you don’t care what kind of server is used under the covers by Spring Boot, I would recommend Jetty.

Below is a basic implementation of how you can accomplish this with Spring Boot + Jetty:


You also need to tell Spring to not use Tomcat anymore and switch to Jetty. You can do that by adding the following snippet to your pom:

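As an added example (not code from the original post or the answerer) of the Jetty approach the answer describes: a Spring Boot configuration that builds an SSLContext whose trust manager accepts a client chain if either the JDK cacerts store or a separate self-signed store trusts it (the question's motivation), and a Jetty customizer that installs that context with client authentication required. The keystore file names, the password and port 8443 are assumed placeholders, and it assumes Spring Boot 2.x with Jetty 9.4 on the classpath.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.stream.Stream;
import javax.net.ssl.*;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.*;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.*;

@Configuration public class JettyMtlsConfig {
    private static final char[] PASS = "changeit".toCharArray(); // assumed placeholder, as are the file names below

    // A null keystore makes the factory use the JDK default trust store (lib/security/cacerts)
    private static X509TrustManager trustManager(KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return (X509TrustManager) tmf.getTrustManagers()[0];
    }

    @Bean public SSLContext serverSslContext() throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(KeyStore.getInstance(new File("server-keystore.p12"), PASS), PASS); // server identity
        X509TrustManager jdk = trustManager(null);
        X509TrustManager own = trustManager(KeyStore.getInstance(new File("client-truststore.p12"), PASS));
        X509TrustManager either = new X509TrustManager() { // accept a chain if either store trusts it
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
                try { own.checkClientTrusted(c, a); } catch (CertificateException e) { jdk.checkClientTrusted(c, a); } }
            public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
                try { own.checkServerTrusted(c, a); } catch (CertificateException e) { jdk.checkServerTrusted(c, a); } }
            public X509Certificate[] getAcceptedIssuers() {
                return Stream.of(own, jdk).flatMap(t -> Stream.of(t.getAcceptedIssuers())).toArray(X509Certificate[]::new); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), new TrustManager[] { either }, null);
        return ctx;
    }

    @Bean public WebServerFactoryCustomizer<JettyServletWebServerFactory> jettyMtls(SSLContext ctx) {
        return factory -> factory.addServerCustomizers(server -> {
            SslContextFactory.Server ssl = new SslContextFactory.Server();
            ssl.setSslContext(ctx);       // Jetty uses this context instead of loading its own keystore
            ssl.setNeedClientAuth(true);  // mTLS: the handshake fails without a trusted client certificate
            HttpConfiguration https = new HttpConfiguration();
            https.addCustomizer(new SecureRequestCustomizer()); // marks requests secure, exposes the client cert
            ServerConnector connector = new ServerConnector(server,
                    new SslConnectionFactory(ssl, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(https));
            connector.setPort(8443);
            server.setConnectors(new Connector[] { connector });
        });
    }
}
```

Because cacerts is part of the trust set, any client certificate chaining to a public CA passes the handshake, so the application must still authorize the presented subject rather than treating a completed mTLS handshake as authentication on its own.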