SSL Certificate inclusion in spring boot application with embedded server

Problem Statement: After adding the certificate to the required directory and entering the details in our file, the application failed to start due to the errors specified in the attached log file. (SSL)log.txt (5.1 KB)

My domain is:

I ran this command: certbot certonly --standalone

It produced this output: Requesting certificate for

My web server is (include version): Not Applicable

The operating system my web server runs on is (include version): Windows server 2016

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.19.0

Based on the Java exception

Caused by: parseAlgParameters failed: ObjectIdentifier() -- data isn't an object ID (tag = 48)
	... 20 common frames omitted

I would guess that the keystore (supplied by you? How have you configured this?) is broken.


Hi Nummer378, thanks for the interest. For your information, I generated the certificate with certbot using the command certbot certonly --standalone, and afterwards we converted the certificate from PEM to PKCS12 format.
After that we copied the certificate to main/src/resources/certificate.p12 and then entered the required configuration in our file with the following commands.

server.port: 8443
server.ssl.keyStoreType: PKCS12

After all that, we tried to launch our application, and it threw these exceptions.


When you created your p12 file (same as PFX), how exactly did you do it? Java may need the Triple DES algorithm rather than AES, but it will depend on what version of Java you are using.

For current versions of Tomcat, also has a built in tomcat export deployment task: Apache Tomcat | Certify The Web Docs - other clients may be able to do the same.
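
As an added example (not code from this thread or from any of its posters), the script below exports certbot-style PEM files to PKCS12 with the Triple DES PBE mentioned in the post above, builds an AES variant for comparison, and prints which bag encryption each file really uses. The function names, the throwaway sample.invalid certificate and the password handling are constructed for illustration, and the `tomcat` alias is the one from the tutorial steps quoted later in the thread.

```bash
#!/usr/bin/env bash
# Added example: PEM -> PKCS12 with explicit Triple DES PBE, then verify it.
set -u

# Constructed sample input: a throwaway self-signed key/cert standing in for
# certbot's privkey.pem and fullchain.pem.
make_sample_pem() {  # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=sample.invalid" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
}

# Shared export step. "pass:" is used for brevity; it exposes the password in
# the process list, so prefer -passout env:VAR or file:PATH on a real host.
_export_p12() {  # $1 = PEM dir, $2 = output .p12, $3 = password, rest = options
    local dir=$1 out=$2 pass=$3; shift 3
    openssl pkcs12 -export -name tomcat \
        -in "$dir/fullchain.pem" -inkey "$dir/privkey.pem" \
        -out "$out" -passout "pass:$pass" "$@"
}

# Triple DES for the key bag and the certificate bag, SHA-1 MAC.
export_p12_3des() {
    _export_p12 "$1" "$2" "$3" \
        -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1
}

# AES-256-CBC (PBES2) for both bags, for comparison.
export_p12_aes() {
    _export_p12 "$1" "$2" "$3" -keypbe AES-256-CBC -certpbe AES-256-CBC
}

# Print the MAC and bag-encryption lines without dumping any key material.
p12_pbe_summary() {  # $1 = .p12 file, $2 = password
    openssl pkcs12 -info -noout -in "$1" -passin "pass:$2" 2>&1 |
        grep -E 'PBES2|pbeWith|MAC'
}

# Exit 0 when any bag uses PBES2 (the AES case).
p12_uses_pbes2() {
    p12_pbe_summary "$1" "$2" | grep -q 'PBES2'
}

# Direct use: script.sh <pem-dir> <out.p12> <password>
if [ "$#" -eq 3 ]; then
    export_p12_3des "$1" "$2" "$3" && p12_pbe_summary "$2" "$3"
fi
```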

Is it?

As @webprofusion mentioned, there may be different ways to do this step.
And you may have omitted a required password (who knows? - we sure don't).

Have you ever had this exact set of steps work before?
If so, then what has changed since then?
If not, then where did you get the instructions? (and did you follow them all as directed?)

Hi @webprofusion, we converted our certificate from PEM to PKCS12 with an open source tool named openssl, using the command:

openssl pkcs12 -export -in C:\Certbot\live\\fullchain.pem -inkey C:\Certbot\live\\privkey.pem -out C:\Certbot\live\\certificate.p12 -CAfile C:\Certbot\live\\chain.pem -caname root

and currently we are using java version "1.8.0_91".

Hi @rg305, the URL is just for this post only, and we are sure that we included the password at the time of certificate generation.
We haven't implemented this exact set of steps before, so for now we looked on the web for the configuration of an SSL certificate with a Spring Boot application.

followed the exact steps as they are given on above website.

You should use "redacted.domain" or "fake.domain_name" or something that actually makes that obvious. is from a real domain (that belongs to Microsoft).

These steps seem a little bit different than what you've executed:

Note: There is a "\" missing in their instructions at the end of the first line #3

Differences are:
-name tomcat [missing line]
C:\Certbot\live\\ [missing path for P12 file]
server.ssl.keyAlias: tomcat [missing line]


Commonly the domains and equivalent TLDs are used.

And yet even that is an actual real/registered domain:

Addresses: 2606:2800:220:1:248:1893:25c8:1946


Actually IANA permits this domain to be used for this very purpose - you are so smart - LOL

They even have a cert for it:


Thanks @webprofusion we have generated the certificate using and applied successfully.


Can anyone help me with how we can apply the password-protected certificate that I created with the Certify The Web application?

I am writing this config for my file:

server.ssl.key-store=classpath: certificate.pfx
server.ssl.key-store-password= demoPassword

After applying the certificate, when I try to run the application it throws the Port listening error.
