- Provides a RESTful API to store and query data related to a smart meter
- Provides a RESTful API to store and query data related to environmental sensor readings (temperature and humidity)
- Ability to send gas meter readings to mindergas.nl on a daily basis

    keytool -genkeypair -alias home-server-localhost -dname "cn=localhost, ou=home-server, o=home-server, l=Deventer, s=Overijssel, c=NL" -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore home-server-localhost-keystore.p12 -validity 3650 -ext san=dns:localhost,ip:127.0.0.1,ip:::1

When prompted for a password, supply a strong one; you could, for example, generate one on https://passwordsgenerator.net/.
For more information about keytool, see keytool tutorial by Oracle.
If you omit the -ext san=... part, Chrome Developer Tools complains with a message like "Invalid self signed SSL cert" and "Subject Alternative Name Missing".

    keytool -export -alias home-server-localhost -keystore home-server-localhost-keystore.p12 -rfc -file home-server-localhost.cer

This command effectively:
- Reads from the keystore file named home-server-localhost-keystore.p12.
- Looks in that file for the alias named home-server-localhost.
- Exports the certificate (containing the public key) to the new file named home-server-localhost.cer.
For more information about the content of the -dname parameter, see the Certificate Attributes tutorial by Oracle.
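
The missing-SAN problem described above can be caught before a browser reports it. The shell functions below are an added example, not part of the original project: they read the text printed by keytool -printcert and check that the required SAN entries are present. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify SAN entries in the text printed by "keytool -printcert".

# Print each SubjectAlternativeName entry as "Type:value", one per line.
san_entries() {
    awk '
        /^SubjectAlternativeName \[/ { in_san = 1; next }
        in_san && /^\]/              { in_san = 0 }
        in_san {
            line = $0
            sub(/^[ \t]+/, "", line)   # drop the indent
            sub(/:[ \t]+/, ":", line)  # "DNSName: localhost" -> "DNSName:localhost"
            if (line != "") print line
        }
    '
}

# check_san TYPE:VALUE... reads keytool output on stdin; returns 0 only when
# every required entry is present and reports each missing one on stderr.
check_san() {
    found=$(san_entries)
    rc=0
    for want in "$@"; do
        if ! printf '%s\n' "$found" | grep -Fxq -- "$want"; then
            echo "missing SAN entry: $want" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed, abbreviated samples of the "Extensions" part of keytool output.
SAMPLE_WITH_SAN='#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: localhost
  IPAddress: 127.0.0.1
]'
SAMPLE_WITHOUT_SAN='#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
]'

printf '%s\n' "$SAMPLE_WITH_SAN" | check_san DNSName:localhost IPAddress:127.0.0.1 \
    && echo "SAN entries present"

# Against the exported certificate from this page:
#   keytool -printcert -file home-server-localhost.cer | \
#       check_san DNSName:localhost IPAddress:127.0.0.1
```
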
Add to application.properties:

    # The format used for the keystore. It could be set to JKS in case it is a JKS file
    server.ssl.key-store-type=PKCS12
    # The path to the keystore containing the certificate
    server.ssl.key-store=classpath:home-server-localhost-keystore.p12
    # The password used to generate the certificate
    server.ssl.key-store-password=<replace with password that was created in step "Create keystore with a self-signed certificate">
    # The alias mapped to the certificate
    server.ssl.key-alias=home-server-localhost

Furthermore:
- Make sure to require a secure channel:

      public void configure(final HttpSecurity http) throws Exception {
          http
              // Require HTTPS (a secure channel) for every request
              .requiresChannel()
              .anyRequest().requiresSecure()
              .and()
              // ... the rest of the HttpSecurity configuration chains on here
              ;
      }

- Change the server port (443 is the default port for HTTPS). Example application.properties:

      server.port=8443


    keytool -importcert -file home-server-localhost.cer -keystore home-sensors-truststore-localhost.p12 -alias "home-server-localhost"

When prompted for a password, supply a strong one; you could, for example, generate one on https://passwordsgenerator.net/. Use a different password than the one used for the keystore (see "Create keystore with a self-signed certificate").
Add VM options:

    -Djavax.net.ssl.trustStore=<absolute-path-to->home-sensors-truststore-rpi.p12 -Djavax.net.ssl.trustStorePassword=<password, see "Create a truststore">

If the connection fails, add the following VM option and retry: -Djavax.net.debug=all. Inspect the logging for hints about what is wrong.
Furthermore, read the following article: Handshake failure scenarios on Baeldung.