
Defining trust-store and key-store information in spring boot application with external tomcat


I have configured my truststore and keystore information in the external Tomcat's server.xml in the Connector tag. The certificates are stored in Tomcat's /base/lib directory. I need to deploy a Spring Boot application to this external Tomcat.

  1. How can I make the information about the truststore and keystore available to the Spring Boot application?
  2. Where in the Spring Boot application do I need to store the truststore and keystore .jks files?

I did the same with the datasource in a Resource tag in server.xml, and in the Spring Boot application I used spring.datasource.jndi-name=some name to JNDI. How can I configure the same for the truststore and keystore?


Solution

  • The keystore and truststore in Tomcat's <Connector> have a single purpose:

    • the keystore contains the certificate (and private key) used by the server's SSL port,
    • the truststore contains the list of CAs, which are trusted if mutual SSL authentication is enabled.

    Therefore these settings are specific to each deployment of your application. You shouldn't provide them yourself.

    You should only provide system administrators a way to configure those settings. In your case Spring Boot already takes care of it (cf. server.ssl properties).

    See also:
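As an added example (not from the original question or answer), this is what the Tomcat side of such a setup looks like: a `<Connector>` in `conf/server.xml` that uses the keystore for the server certificate and the truststore for client-certificate (mutual TLS) authentication. The port, file names, passwords and the `${catalina.base}/lib` location are assumptions.

```xml
<!-- Assumed excerpt of Tomcat's conf/server.xml (added illustration).
     keystoreFile   : the server's own certificate and private key
     truststoreFile : the CAs whose client certificates are accepted
     clientAuth     : "true" requires a client certificate on every
                      request, "want" makes it optional, "false" disables
                      mutual TLS (the truststore is then unused). -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           sslProtocol="TLS"
           sslEnabledProtocols="TLSv1.2"
           maxThreads="150"
           keystoreFile="${catalina.base}/lib/server.jks"
           keystorePass="changeit"
           keystoreType="JKS"
           truststoreFile="${catalina.base}/lib/truststore.jks"
           truststorePass="changeit"
           truststoreType="JKS"
           clientAuth="true" />
<!-- The .jks files and server.xml should be readable only by the account
     Tomcat runs as, since they hold the private key and its password. -->
```

The equivalent Spring Boot properties (`server.ssl.key-store`, `server.ssl.trust-store`, `server.ssl.client-auth`) configure only the embedded container; when the application is deployed as a WAR to an external Tomcat, the Connector above is what applies and nothing has to be packaged inside the application.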