I can run my Grails 3.3.8 application with HTTPS by using -https argument (https://docs.grails.org/latest/ref/Command%20Line/run-app.html).

    grails run-app -https

Application is accessible on https://localhost:8444 (I use custom port, 8443 is default).
I have created a runnable war file using a grails package command, as mentioned in https://docs.grails.org/latest/guide/deployment.html. After executing

    java -jar PATH_TO_APP\myapp-0.1.war

application runs correctly on http://localhost:8080.
I can't figure out though how to run this jar with -https argument, so it's accessible on https://localhost:8444 - as with grails run-app -https. Can I make runnable jar/war run in HTTPS mode? Or maybe I can default my application to run with -https?
- jar with --Dserver.port.https=8444 parameter - to no effect.
- grails package -https - I don't know what I expected.

I have configured this application to use a certificate and custom port, but I don't think it matters at this point:

-> build.gradle.
    bootRun {
        jvmArgs("-Dspring.output.ansi.enabled=always")
        addResources = true
        String springProfilesActive = "spring.profiles.active"
        systemProperty springProfilesActive, System.getProperty(springProfilesActive)
        systemProperty "server.port", "8444"
        systemProperty "server.ssl.enabled", "true"
        systemProperty "server.ssl.key-store", System.getProperty("user.home") + "/certificates/cert.p12"
        systemProperty "server.ssl.key-store-password", "secret"
        systemProperty "server.ssl.key-password", "secret"
    }
I re-exported my certificate with an alias tomcat:

    openssl pkcs12 -export -out ia.p12 -inkey ia.key -in ia.crt -chain -CAfile ca.crt -name tomcat

and imported it with keystore command (I'm on Windows using Windows Subsystem for Linux)

    /mnt/c/Program\ Files/Java/jdk1.8.0_191/bin/keytool.exe -importkeystore -srckeystore cert.p12 -srcstoretype pkcs12 -srcalias tomcat -destkeystore keystore.jks -deststoretype jks -deststorepass secret -destalias tomcat

and then migrated it to PKCS12 after keystore warning

    /mnt/c/Program\ Files/Java/jdk1.8.0_191/bin/keytool.exe -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12
I placed keystore.jks in root of application folder (I also tried /src/main/resources) and modified my application.yml file by adding

    server:
        port: 8444
        ssl:
            key-password: secret
            key-store-password: secret
            key-store: keystore.jks
            key-store-type: PKCS12
            key-alias: tomcat

Application won't start, throwing error "DerInputStream.getLength(): lengthTag=109, too big" or - after commenting out key-store-type: PKCS12 - "Alias name [tomcat] does not identify a key entry".

If you were to generate the key with these options:

    keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 365

application.yml/groovy:

    server:
        port: 8444
        ssl:
            key-store: keystore.p12
            key-store-password: whatYouSetWhenGeneratingKeytool
            keyStoreType: PKCS12
            keyAlias: tomcat

Your app will start with ssl - though the output will say http, it's actually https:

    $ ./gradlew assemble
    $ java -jar build/libs/ssltest-0.1.jar
    Grails application running at http://localhost:8444 in environment: production

Tested with Grails 3.3.8.
The embedded tomcat/container is provided by spring-boot so take a look at their docs for a lot more info/options.
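
Added example (not part of the original question or answer): a header check for the file that server.ssl.key-store points to, useful when key-store-type and the actual container may disagree. It reports the container type from the first bytes and, for a JKS file, the length-octet count a DER parser would derive from byte 1, which is 109 as in the lengthTag error quoted above (assuming the JDK message reports the low 7 bits of that byte); function names are hypothetical and the sample headers are constructed.

```python
import struct
import sys

JKS_MAGIC = 0xFEEDFEED    # header of a Java "JKS" keystore
JCEKS_MAGIC = 0xCECECECE  # header of a Java "JCEKS" keystore

# Constructed sample headers (not real keystores).
SAMPLE_JKS = bytes.fromhex("feedfeed00000002")
SAMPLE_P12 = bytes.fromhex("30820a2b020103")


def der_length_octets(length_byte):
    """DER long form: high bit set, low 7 bits = number of length octets."""
    return length_byte & 0x7F if length_byte & 0x80 else 0


def identify_keystore(data):
    """Guess the keystore container type from the first bytes of the file."""
    if len(data) < 4:
        return {"type": "unknown", "reason": "file too short"}
    magic = struct.unpack(">I", data[:4])[0]
    if magic in (JKS_MAGIC, JCEKS_MAGIC):
        return {
            "type": "JKS" if magic == JKS_MAGIC else "JCEKS",
            # If this file is loaded as PKCS12, byte 0 is read as the ASN.1
            # tag and byte 1 as the length octet; more than 4 length octets
            # is rejected by DER parsers.
            "length_tag_if_read_as_der": der_length_octets(data[1]),
        }
    # PKCS#12 (PFX) is an ASN.1 SEQUENCE (tag 0x30) whose first element
    # is INTEGER 3 (02 01 03). n == 0 covers short and indefinite lengths.
    if data[0] == 0x30:
        n = der_length_octets(data[1])
        if n <= 4 and data[2 + n:5 + n] == b"\x02\x01\x03":
            return {"type": "PKCS12", "length_octets": n}
    return {"type": "unknown", "reason": "no JKS/JCEKS magic or PFX header"}


if __name__ == "__main__":
    # Usage: python check_keystore.py keystore.jks keystore.p12
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, identify_keystore(fh.read(16)))
```

A file reported as JKS needs key-store-type: JKS (or a conversion to PKCS12 that actually replaces the file the application loads); the file extension says nothing about the container type.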