Certificates and private keys are generated in 2 steps for free which shows the simplicity of Let’s Encrypt. All of these generated materials are with PEM extension which is not supported in Spring Boot. Spring-Boot does not support PEM files generated by Let’s Encrypt. Spring Boot supports PKCS12 extension. Using OpenSSL, we convert our certificate and private key to PKCS12.
Get the Certificate
If you are using the SSL Let’s Encrypte Generator, you will get two files.
| ca-bundle.txt | certificate |
| private.txt | private key |
Step 1: turn certificate
$ openssl x509 -in ca-bundle.txt -out chain.pem
Step 2: Save https://letsencrypt.org/certs/letsencryptauthorityx1.pem.
Step 3: combine the 3 files into the PKCS formate certificate.
$ openssl pkcs12 -export -inkey privkey.txt -in chain.pem -CAfile letsencryptauthorityx1.pem -out cert.p12
cert.p12 now includes the private key, your certificate, and the full certificate chain.