Install Certificate

For all light-4j instances, it is highly recommended to use HTTPS/HTTP2 instead of HTTP unless your infrastructure doesn’t support HTTPS. That is why HTTPS and HTTP/2 are enabled right out of light-codegen, with a set of built-in keystores and truststores for development. Before moving to an official testing environment, you need to replace the built-in self-signed certificates with your own self-signed or commercial certificates. Please be aware that client.yml, client.keystore, and client.truststore will only be generated when you have the following config attribute in the config.json used as light-codegen input. You need to enable this flag if your service is going to call other services in the call stack.

"supportClient": true,

If you are unsure what kind of certificate should be used in your use case, please refer to Self-signed vs CA-signed certificate for more info. From the process perspective, there is no difference between a CA-signed and a self-signed certificate.

The following tutorial focuses only on the server-side configuration. If you want to set up a client-side certificate, please follow adding server certificate to client.truststore for one-way TLS.

You can use the existing server.keystore and replace the default certificate with the new one, but we don’t recommend it, as the process is a little more complicated and error-prone. It is easier to create your server.keystore with the certificate you have. Different vendors issue their certificates in different formats. Sometimes you will get two files, and sometimes you will get three files. There are a lot of tutorials on the Internet on how to use Java keytool to create a .keystore from the various certificate formats. Your vendor might have a guideline for Java applications as well. If you are using Let’s Encrypt, then you can follow this CA-signed certificate tutorial to create a server.keystore.

If you want a quick reference of Java keytool, please refer to keytool.

Often, the public tutorial will use .jks as the file extension. It is OK for one-way TLS but might be confusing if two-way TLS is in use. It is a good idea to stay with the convention of light-4j and name your file as server.keystore.

Once the file is created, copy it into the config folder and update the server.yml to specify the filename.

# Keystore file name in config folder. KeystorePass is in secret.yml to access it.
keystoreName: server.keystore

During the creation of server.keystore, two passwords need to be captured. They need to be input into the secret.yml file.

# Server section

# Key store password, the path of keystore is defined in server.yml
serverKeystorePass: password

# Key password, the key is in keystore
serverKeyPass: password

If your config folder is externalized, then you need to restart your service. Otherwise, you need to rebuild the server and restart it to ensure that the new certificate is used.
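
A pre-restart check for the steps above, added here as an example and not part of the light-4j project: it reads keystoreName from server.yml and the two passwords from secret.yml in a config folder, and reports a missing keystore file or a password left at the `password` value shown above. The function names and the simple top-level `key: value` parsing are assumptions of this example.

```shell
#!/bin/sh
# Added example (not light-4j code): sanity-check a config folder before restart.
# Assumes plain top-level "key: value" lines; nested or multi-line YAML is not handled.

# yaml_value FILE KEY -> prints the scalar for KEY, without comment or quotes.
yaml_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" 2>/dev/null | head -n 1 |
        sed -e 's/^#.*$//' -e 's/[[:space:]][[:space:]]*#.*$//' \
            -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# check_config DIR -> prints one line per finding; exit status = number of findings.
check_config() {
    dir=$1; findings=0
    name=$(yaml_value "$dir/server.yml" keystoreName)
    if [ -z "$name" ]; then
        echo "server.yml: keystoreName is not set"; findings=$((findings + 1))
    elif [ ! -s "$dir/$name" ]; then
        echo "server.yml: $name missing or empty in $dir"; findings=$((findings + 1))
    fi
    for key in serverKeystorePass serverKeyPass; do
        value=$(yaml_value "$dir/secret.yml" "$key")
        if [ -z "$value" ] || [ "$value" = "password" ]; then
            echo "secret.yml: $key is unset or still 'password'"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# verify_store DIR -> non-zero if serverKeystorePass does not open the keystore.
# -storepass:env keeps the password off the command line (and out of ps output).
verify_store() {
    command -v keytool >/dev/null 2>&1 || { echo "keytool not found, skipped"; return 0; }
    KS_PASS=$(yaml_value "$1/secret.yml" serverKeystorePass) \
        keytool -list -keystore "$1/$(yaml_value "$1/server.yml" keystoreName)" \
        -storepass:env KS_PASS >/dev/null
}

# Usage: sh check.sh /path/to/config
if [ "$#" -gt 0 ]; then
    check_config "$1" && verify_store "$1"
fi
```

`verify_store` only confirms the store password; a mismatched serverKeyPass surfaces when the server loads the key at startup.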

“Install Certificate” was last updated: July 5, 2021: fixes #275 checked and corrected grammar/spelling for majority of pages (#276) (b3bbb7b)