Using a valid x509 certificate

It is also possible to configure Micronaut to use an existing valid x509 certificate, for example one created with Let’s Encrypt. You will need the server.crt and server.key files and convert them to a PKCS #12 file.

  1. $ openssl pkcs12 -export \
  2.                  -in server.crt \ (1)
  3.                  -inkey server.key \ (2)
  4.                  -out server.p12 \ (3)
  5.                  -name someAlias \ (4)
  6.                  -chain -CAfile ca.crt -caname root
1The original server.crt file
2The original server.key file
3The server.p12 file that will be created
4The alias for the certificate

During the creation of the server.p12 file it is necessary to define a password that will be required later when using the certificate in Micronaut.

Now modify your configuration:

HTTPS Configuration Example

  1. micronaut:
  2.     ssl:
  3.         enabled: true
  4.         keyStore:
  5.             path: classpath:server.p12 (1)
  6.             password: mypassword (2)
  7.             type: PKCS12
1The p12 file created. It can also be referenced as file:/path/to/the/file
2The password defined during the export

With this configuration if we start Micronaut and connect to [https://localhost:8443](https://localhost:8443) we still see the warning on the browser but if we inspect the certificate we can check that it’s the one generated by Let’s Encrypt.

https certificate

Finally we can test that the certificate is valid for the browser just by adding an alias to the domain in /etc/hosts file:

  1. $ cat /etc/hosts
  2. ...
  3. 127.0.0.1   my-domain.org
  4. ...

Now we can connect to [https://my-domain.org:8443](https://my-domain.org:8443):

https valid certificate