Simple Self-Signed JKS for Spring-Boot

The VERY LAZY but Functional Way to Trust a Self-Signed Certificate

Step 1: Generate your Java Keystore

keytool -genkeypair -alias cis-18 -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore cis-18.p12 -validity 3650

* Remember your keystore password from the step shown below, you’ll need it:

Enter keystore password:
Re-enter new password:

* Example Answers

Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  Trevor Hartman
What is the name of your organizational unit?
  [Unknown]:  Computer Information Systems
What is the name of your organization?
  [Unknown]:  College of the Redwoods
What is the name of your City or Locality?
  [Unknown]:  Eureka
What is the name of your State or Province?
  [Unknown]:  California
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=Trevor Hartman, OU=Computer Information Systems, O=College of the Redwoods, L=Eureka, ST=California, C=US correct?
  [no]:  yes

Step 2: Import Keystore Into Android Device

• Copy cis-18.p12 certifcate to your Android Phone
• Settings >> Password & Security >> System Security >> Credential Storage >> Install certificates from Storage >> VPN & app user certificates
• Select the certificate you want to import from your file-system
• Type the certificate password to import it
• Type the alias and you’re good to go (No more annoying SSL errors).

Development

You will also need this certificate for local development in your Springboot App if you wish to use SSL for mvn spring-boot:run.

server.port=8080
# The format used for the keystore. It could be set to JKS in case it is a JKS file
server.ssl.key-store-type=PKCS12
# The path to the keystore containing the certificate
server.ssl.key-store=keystore/cis-18.p12
# The password used to generate the certificate
server.ssl.key-store-password=[keystore password]
# The alias mapped to the certificate
server.ssl.key-alias=cis-18
# Accept only HTTPS requests
server.ssl.enabled=true
server.ssl.protocol=TLS