To expose a Spring Boot application as an HTTPS/TLS server, you first need to generate a new self-signed CA certificate using the Certificate Manager deployed on a k8s cluster.
This can be achieved by running the following bash scripts:
HOSTNAME=localhost \
NAMESPACE=demo \
STORE_PASSWORD=supersecret \
./scripts/gen-ca-selfsign-cert-manager.sh
STORE_PASSWORD=supersecret \
HOSTNAME=localhost \
./scripts/get_store.sh
HOSTNAME=localhost ./scripts/get_cert_from_secret.sh ca.crt
HOSTNAME=localhost ./scripts/get_cert_from_secret.sh tls.crt
Next, copy the files keystore.p12 and truststore.p12, available under the folder _temp/cert-manager, into the resource folder of the Spring Boot project, ./spring-boot/src/main/resources:
cp ./_temp/cert-manager/*.p12 ./spring-boot/src/main/resources
Next, compile and launch the project:
cd spring-boot
mvn package spring-boot:run
cd ..
Finally, use curl to call the HTTPS endpoint:
curl --cacert _temp/cert-manager/ca.crt https://localhost:8443
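
If the curl call fails with a certificate error, the extracted files can be checked directly. The following is an added example, not one of the project's scripts: `check_tls_material` and `make_constructed_pki` are hypothetical helper names, and it assumes `ca.crt` and `tls.crt` were written to `_temp/cert-manager` and that the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example: sanity-check the certificate material before serving it.

# check_tls_material DIR HOSTNAME -> 0 when DIR/tls.crt is usable for HOSTNAME
check_tls_material() {
  dir=$1; host=$2
  for f in ca.crt tls.crt; do
    [ -s "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 2; }
  done
  # 1. The leaf must chain to the CA that curl is given via --cacert.
  openssl verify -CAfile "$dir/ca.crt" "$dir/tls.crt" >/dev/null 2>&1 \
    || { echo "tls.crt is not signed by ca.crt" >&2; return 3; }
  # 2. The leaf must name the host. -checkhost prints its verdict
  #    instead of setting the exit status, so match on the text.
  openssl x509 -in "$dir/tls.crt" -noout -checkhost "$host" \
    | grep -q 'does match certificate' \
    || { echo "tls.crt does not cover $host" >&2; return 4; }
  # 3. The leaf must not already be expired.
  openssl x509 -in "$dir/tls.crt" -noout -checkend 0 >/dev/null \
    || { echo "tls.crt has expired" >&2; return 5; }
  return 0
}

# make_constructed_pki DIR HOSTNAME
# Builds a throwaway CA and leaf (constructed sample input) so the check
# can be tried without a cluster. Not a substitute for the cert-manager flow.
make_constructed_pki() {
  dir=$1; host=$2
  mkdir -p "$dir" || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=constructed-ca" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" >/dev/null 2>&1 || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
    -keyout "$dir/tls.key" -out "$dir/tls.csr" >/dev/null 2>&1 || return 1
  printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
  openssl x509 -req -in "$dir/tls.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -extfile "$dir/san.ext" -out "$dir/tls.crt" \
    >/dev/null 2>&1
}
```

After sourcing the file, `check_tls_material _temp/cert-manager localhost` returns 0 when the leaf certificate chains to `ca.crt`, covers `localhost` and is still valid; a non-zero status identifies which of the three checks failed.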