Using a valid x509 certificate

It is also possible to configure Micronaut to use an existing valid x509 certificate, for example one created with Let’s Encrypt. You will need the server.crt and server.key files and to convert them to a PKCS #12 file.

  1. $ openssl pkcs12 -export \
  2.                  -in server.crt \ (1)
  3.                  -inkey server.key \ (2)
  4.                  -out server.p12 \ (3)
  5.                  -name someAlias \ (4)
  6.                  -chain -CAfile ca.crt -caname root
1The original server.crt file
2The original server.key file
3The server.p12 file to create
4The alias for the certificate

During the creation of the server.p12 file it is necessary to define a password that will be required later when using the certificate in Micronaut.

Now modify your configuration:

HTTPS Configuration Example

  1. micronaut:
  2.   ssl:
  3.     enabled: true
  4.     keyStore:
  5.       path: classpath:server.p12 (1)
  6.       password: mypassword (2)
  7.       type: PKCS12
1The p12 file. It can also be referenced as file:/path/to/the/file
2The password defined during the export

With this configuration, if we start Micronaut and connect to [https://localhost:8443](https://localhost:8443) we still see the warning in the browser, but if we inspect the certificate we can check that it is the one generated by Let’s Encrypt.

https certificate

Finally, we can test that the certificate is valid for the browser by adding an alias to the domain in /etc/hosts file:

  1. $ cat /etc/hosts
  2. ...
  3. 127.0.0.1   my-domain.org
  4. ...

Now we can connect to [https://my-domain.org:8443](https://my-domain.org:8443):

https valid certificate