Enable HTTPS with self-signed certificate in Spring Boot 2.0

1. Use "-genkeypair":

keytool -genkeypair -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048  -keystore keystore.p12 -validity 3650

2. Change "server.ssl.key-password" to "server.ssl.key-store-password".

I was getting this horrible "Private key must be accompanied by certificate chain" error as well on my Spring Boot application with an embedded Tomcat server. It was making me insane.

It turns out a simple typo was my problem:

@Override
public void customize(ConfigurableServletWebServerFactory server) {
    Ssl ssl = new Ssl();
    ssl.setEnabled(true);
    ssl.setKeyStore(keystoreFile);
    ssl.setKeyPassword(keystorePass); // << Should be `setKeyStorePassword` !!!!
    ssl.setKeyStoreType(keystoreType);
    ssl.setKeyAlias(keystoreAlias);

    server.setSsl(ssl);
    server.setPort(sslPort);
}

So the error message is not helpful at all for this case. I hope this helps someone else. Just be sure to verify that you're putting the right passwords (key vs keystore) in the right place. The same issue can happen in a properties-based setup - it depends on what you are working with.


The problem is that in your generated keystore you don't have a key pair, so there is no private key. That's because you're using the option -genkey; you need to replace it with the option -genkeypair:

-genkey generates a Secret Key whereas the -genkeypair generates a key pair (a public key and a private key).

So I think this should work:

keytool -genkeypair -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048  -keystore keystore.p12 -validity 3650

In your Spring Boot configuration, change ":" to "=" and add the path to your keystore. I suppose that your keystore.p12 is in your resources folder, so:

server.ssl.key-store = classpath:keystore.p12
server.ssl.key-store-password = mypassword
server.ssl.key-store-type = PKCS12
server.ssl.key-alias = tomcat

You made a small mistake in the application.properties file. Please change

server.ssl.key-password=your_password

to

server.ssl.key-store-password=your_password

It will work fine then. Hope it helps! Thank you!
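
A diagnostic for the situations the answers above describe, as an added example that is not part of any answer: it loads the keystore with the store password and confirms that the alias holds a private key with a certificate chain, which is what the embedded Tomcat needs. The class name KeystoreCheck and the KEYSTORE_PASSWORD environment variable are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;

// Added diagnostic, not code from the answers above.
// Usage: KEYSTORE_PASSWORD=... java KeystoreCheck keystore.p12 PKCS12 tomcat
public class KeystoreCheck {

    static void fail(String msg) {
        System.err.println("FAIL: " + msg);
        System.exit(1);
    }

    public static void main(String[] args) throws Exception {
        // Assumed variable name; keeps the password off the command line.
        String pass = System.getenv("KEYSTORE_PASSWORD");
        if (args.length != 3 || pass == null) {
            fail("usage: KEYSTORE_PASSWORD=... KeystoreCheck <file> <type> <alias>");
        }
        char[] storePass = pass.toCharArray();
        String alias = args[2];

        // Mirrors server.ssl.key-store, key-store-type and key-store-password.
        // A wrong store password makes load() throw an IOException.
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);
        }

        // Mirrors server.ssl.key-alias.
        if (!ks.containsAlias(alias)) fail("alias not found: " + alias);
        if (!ks.isKeyEntry(alias)) fail("alias is a certificate entry, not a key entry");

        Key key;
        try {
            // Assumption: the key shares the store password.
            key = ks.getKey(alias, storePass);
        } catch (UnrecoverableKeyException e) {
            fail("key not recoverable with the store password; a separate key password goes in server.ssl.key-password");
            return;
        }
        Certificate[] chain = ks.getCertificateChain(alias);
        if (!(key instanceof PrivateKey)) fail("entry is not a private key: " + key.getAlgorithm());
        if (chain == null || chain.length == 0) fail("private key has no certificate chain");
        System.out.println("OK: " + key.getAlgorithm() + " private key, chain length " + chain.length);
    }
}
```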