1. Introduction
In this quick tutorial, we’ll set up a Spring WebClient for HTTPS requests.
Securing HTTP communication with encryption makes it difficult for attackers to tamper with user data. Nowadays, it is the default for most modern applications that integrate with other services.
In this guide, we’ll start with a certificate and key file verification, then move on to configure Spring WebClient.
2. Verifying Certificate and Key Files
First, we’ll verify that our certificate and key file have the same MD5. Doing so ensures that the certificate and key have not been modified.
We can use openssl to display the MD5 hash:
openssl x509 -noout -modulus -in yourCertificate.crt | openssl md5
Similarly, we can do the same for the key file:
openssl rsa -noout -modulus -in yourPrivateKey.key | openssl md5
Matching outputs from both commands confirm that your certificate and key are aligned.
We can test the certificate and key with a CURL:
curl -v --cert yourCertificate.crt --key yourPrivateKey.key https://yourEndpoint.com
Now, we can move on to convert the certificate and key to PKCS12 format.
3. Converting Certificate and Key to PKCS12 Format
To configure Spring WebClient, we need to convert the certificate PKCS12 format.
Again, let’s use openssl to get the PKCS12 formatted file:
openssl pkcs12 -export -in yourCertificate.crt -inkey yourPrivateKey.key -out certificate.p12
Running the command above will prompt us to create a password. Insert one of your choice and save it somewhere, as we’ll reuse it when configuring the SslContext for the WebClient.
Now, we have a certificate.p12 file that we can use to configure our application.
4. Configuring the SSLContext
Finally, we can create a SslContext that reads the file we created previously, along with the password we set.
We’ll use the SslContextBuilder to create the SslContext:
SslContext sslContext = SslContextBuilder.forClient().keyManager(
new FileInputStream("pathToP12CertificateFile"),
"password".toCharArray()).build();
Now, the sslContext can be used to create a WebClient bean that can make secure HTTPS calls:
@Bean
private WebClient getSecureWebClient() {
HttpClient httpClient = HttpClient.create().secure(sslSpec -> sslSpec.sslContext(getSSLContext()));
ClientHttpConnector clientHttpConnector = new ReactorClientHttpConnector(httpClient);
return WebClient.builder()
.clientConnector(clientHttpConnector)
.build();
}
Using this WebClient to make secure HTTPS requests is as simple as injecting the WebClient bean into our service:
@Service
public class MyService {
private final WebClient webClient;
public MyService(WebClient webClient) {
this.webClient = webClient;
}
public Mono<String> getSecureData() {
return webClient.get()
.uri("https://yourEndpoint.com")
.retrieve()
.bodyToMono(String.class);
}
}
In fact, we don’t need to do anything special in our service to make secure HTTPS requests. The WebClient bean we created will handle everything for us.
5. Conclusion
In this tutorial, we converted a certificate and key file to PKCS12 format and configured a WebClient to make secure HTTPS requests.
Finally, we showed how we can use the WebClient to make secure HTTPS requests in our service.