Using a valid x509 certificate
It is also possible to configure Micronaut to use an existing valid x509 certificate, for example one created with Let’s Encrypt. You will need the server.crt
and server.key
files and convert them to a PKCS #12 file.
$ openssl pkcs12 -export \
-in server.crt \ (1)
-inkey server.key \ (2)
-out server.p12 \ (3)
-name someAlias \ (4)
-CAfile ca.crt -caname root
1 | The original server.crt file |
2 | The original server.key file |
3 | The server.p12 file that will be created |
4 | The alias for the certificate |
During the creation of the server.p12
file it is necessary to define a password that will be required later when using the certificate in Micronaut.
Now modify your configuration:
HTTPS Configuration Example
micronaut:
ssl:
enabled: true
keyStore:
path: classpath:server.p12 (1)
password: mypassword (2)
type: PKCS12
1 | The p12 file created. It can also be referenced as file:/path/to/the/file |
2 | The password defined during the export |
With this configuration if we start Micronaut and connect to [https://localhost:8443](https://localhost:8443)
we still see the warning on the browser but if we inspect the certificate we can check that it’s the one generated by Let’s Encrypt.
Finally we can test that the certificate is valid for the browser just by adding an alias to the domain in /etc/hosts
file:
$ cat /etc/hosts
...
127.0.0.1 my-domain.org
...
Now we can connect to [https://my-domain.org:8443](https://my-domain.org:8443)
: