Adding the client certificates to a Spring Boot application

I'm new to Java development. We have an external system which issues the certificates, so I have to use those certificates in my application in order to make calls. I don't want to add those certificates into a keystore, but I want to add them in my Spring Boot application.

We are deploying this application into a Kubernetes cluster. Or is there any way we can add these certificates in the Kubernetes cluster so the JVM will pick them up? The tech stack we use is Java 8, Spring Boot, Spring Integration, Docker, Kubernetes (GKE).

1 answer

  • answered 2018-10-18 19:38 Rico

    You can follow something like this.

    Basically, use Kubernetes Secrets to store your certificates. Java understands keystores, so you'll have to convert them to that, but that in and of itself can be stored in Kubernetes Secrets. For example, you can use something like this to create a keystore:

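    # Bundle the private key and its certificate into a PKCS#12 file
    openssl pkcs12 -export -inkey "$keyfile" -in "$crtfile" -out "$keystore.pkcs12" -password "pass:$password"
    # Convert the PKCS#12 file into a JKS keystore with the same password
    keytool -importkeystore -noprompt -srckeystore "$keystore.pkcs12" -srcstoretype pkcs12 -destkeystore "$keystore.jks" -storepass "$password" -srcstorepass "$password"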

    And something like this to create a truststore from a CA bundle:

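    # Split the CA bundle into one file per certificate (crt-00, crt-01, ...)
    csplit -z -f crt- service-ca.crt '/-----BEGIN CERTIFICATE-----/' '{*}'
    # Import each CA certificate into the truststore under its own alias
    for file in crt-*; do keytool -import -noprompt -keystore truststore.jks -file "$file" -storepass changeit -alias "service-$file"; done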
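
The application side of the answer above, as an added example that is not part of the original answer: loading the keystore and truststore from a mounted Kubernetes Secret into an `SSLContext` with plain Java 8 APIs. The mount path `/etc/tls`, the file names `keystore.jks`, `truststore.jks`, `keystore.password` and `truststore.password`, and the class name are assumptions made for this example.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class MountedTlsContext {
    // Assumption: the Secret volume is mounted read-only at this path.
    private static final Path DIR = Paths.get("/etc/tls");

    // Passwords come from mounted files, not -D flags, which are visible in process listings.
    private static char[] readPassword(String name) throws Exception {
        byte[] raw = Files.readAllBytes(DIR.resolve(name));
        return new String(raw, StandardCharsets.UTF_8).trim().toCharArray();
    }

    private static KeyStore load(String name, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(DIR.resolve(name))) {
            store.load(in, password); // throws on a wrong password or a modified file
        }
        return store;
    }

    public static SSLContext build() throws Exception {
        char[] keyPass = readPassword("keystore.password");
        char[] trustPass = readPassword("truststore.password");
        // Client key and certificate. With the openssl/keytool commands above,
        // the key entry password is the same as the keystore password.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("keystore.jks", keyPass), keyPass);
        // CA certificates used to verify the external system's server certificate.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("truststore.jks", trustPass));
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        SSLContext.setDefault(build()); // picked up by code that uses SSLContext.getDefault()
    }
}
```

Call `build()` once at startup and hand the resulting context to the HTTP client that talks to the external system, so the certificates stay scoped to that client.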