Integrating CA Certificate (Not Self-signed) with Spring Boot?

Question

My Client wants me to integrate their CA certificate to Spring Boot app. I am used to on self-signed certificate, but not this one. Yet, I have followed the below step to gain so.

For Creating keystore: keytool -genkeypair -alias mydomain.im -keyalg RSA -keysize 2048 -storetype JKS -keystore ./springboot.jks -validity 3650 -storepass mypassword

For verifying the jks: keytool -list -v -keystore springboot.jks

For importing the CA: keytool -import -trustcacerts -alias rootCA -file springboot-ca.crt -keystore ./springboot.jks -storepass mypassword

Spring Boot application.properties relevant contents are below:

server.port: 8443
server.ssl.key-store: classpath:springboot.jks
server.ssl.key-store-password: mypassword
server.ssl.key-store-type: jks
server.ssl.key-alias: mydomain.im
server.ssl.key-password: mypassword

Now, if I access it from browser https://www.mydomain.im:8443/hello, it shows Not secured. But expecting padlock in browser.

I am sure that I am missing some important steps.

Appreciate, any help. Thanks.

Answer 1

You want to setup SSL, so you need valid domain certificate issued from the valid & trusted CA. You need root certificate (CA), intermediate certificates (if any) and end entity certificate i.e domain certificate for configuring SSL.

Just mentioning the abstract process for obtaining & using the certificates.

Generate keypair.
Create CSR.
Submit to CA.
CA will validate and issue the certificate.
You need to place the domain certificate and entire chain up to root CA on the server.

Updated: I've added the example of the google.com domain to whom GTS CA 1C3 which is sub-CA issued the certificate. The root authority or CA has further sub-ca's to perform the issuance duties. So you need to configure the entire chain.

Example