spring-bootssltomcat
Error: unable to verify the first certificate - Springboot
I have written a restful API project which is developed using spring boot and I am using the embedded tomcat and running a jar on a linux server.
The APIs are live at:
https://api.arevogroup.com:8089/api/regions
and I can see the verified and correct SSL as well as in the given screenshot. 
but I am getting an this exception in the postman when I call these apis.
These APIs are consumed by a Xamrin based app which seems to work all good when consumed using iPhone but gives this same exception when the APIs are accessed via android.
I guess, the way I have generated the ssl certificate has some issues.
I have used a pfx file and my SSL config in properties file looks like this:
###SSL Key Info
security.require-ssl=true
server.ssl.key-store-password=PASSWORD
server.ssl.key-store=classpath:ssl_pfx.pfx
server.ssl.key-store-type=PKCS12
- I have 2 questions, if disable the ssl verification, would the communication still be encrypted or not? (man in the middle attack is still possible but the info will still be encrypted, right?).
- If not, how can I fix this?
Solution
security.require-ssl=true
server.ssl.key-store-password=PASSWORD
server.ssl.key-store=keystore.jks
server.ssl.key-store-provider=SUN
server.ssl.key-store-type=JKS
Used the jks file instead of pfx and it worked all good. Thought to share with others too.
- ApplicationContextException: Unable to start ServletWebServerApplicationContext due to missing ServletWebServerFactory bean
- Fake Firebase Auth Tokens for Test Environment
- Kafka topic creation uses wrong configuration
- Spring Boot 3.4.0 Broken HTTP interface
- Lombok not generating getter and setter?
- spring kafka No type information in headers and no default type provided
- Data written to DB in test not avaiable to REST call
- Can I use Java 16 record with JPA entity?
- Spring Boot doesn't use datasource properties
- Recurring AsyncRequestTimeoutException in Spring Boot Admin log
- Different HTTP response code when using Spring Boot web 3.4.1
- Trying to Dockerize Maven Application but got "release version 21 not supported"
- Callback github URI with Oauth2 and Spring Boot 3.4.0 not found after authentication
- How to encrypt value for {cipher} in spring boot?
- Cannot get maven project.version property in a Spring application with @Value
- Jasypt out of maintenance? What to use for encryption with Spring Boot
- Spring Boot Application is not running Flyway migrations on startup
- Spring boot: can a springboot app be deployed to upcloud or vultr cloud services
- spring oauth client (v6.4.2): does not redirect to oauth-server
- Spring Boot - Java Mail - Couldn't connect to host
- @Value not found from application.properties in main @SpringBootApplication class
- Hibernate doesn't creating Join Table on his own
- Intellij not finding my Spring Boot application
- Session not persisted between Spring Boot (Spring Session + MySQL) and Angular frontend
- use spring-boot-starter-oauth2-client to pass the token to Spring Framework release 6 HttpInterface @HttpExchange @GetExchange
- Failed to configure a DataSource: 'url' attribute is not specified and no embedded datasource could be configured
- Blaze Persistence check List contains entry
- Spring Boot Upgrade to 3.3: Issues with @Transactional and AspectJ Weaving
- How to disable Quartz scheduler for dev and stg environment
- Spring Boot - Different systems( eureka , zuul, ribbon, nginx,) used for what?