Configure SSL certificate in Angular 8 with Spring boot Application

I read a few tutorials on configuring a Let's Encrypt SSL certificate in Spring Boot. We have an application developed in Spring Boot. It is running on embedded Tomcat on port 8080. I have another Angular 8 app, which is running on the default port 4200. Both apps are able to communicate with each other properly with the help of a JWT token. Now I want my app/domain to be SSL-enabled. So my question is: do we need separate SSL certificates for both apps, or would it be enough to configure it on the Spring Boot side?

Do we need separate SSL certificates?

If your Tomcat server and Angular app are under the same domain (sub-domains), you could secure both of them using a single certificate.

Would it be enough to configure it on the Spring Boot side?

No. The whole point is to secure the connection from Angular to the Tomcat server; if you use HTTP on Angular, the page will keep showing as not secured.

Please feel free to ask for any more clarification.

Let me post the answer to my own question, after a couple of days of R&D.

Do we need separate SSL certificates?

Ans: We need only one certificate, which we can generate against our domain name, let's say someexample.com. I am not explaining how to generate the SSL certificate in this answer. This particular certificate should be configured with both the Tomcat and nginx servers. If you do not give the SSL certificate path in nginx, you will face an error in browser network calls (INVALID_CERT_ERROR).

I generated my SSL certificate files at /etc/letsencrypt/live/. It may differ for you.

I edited the tomcat/config/server.xml file:

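<!-- hostName is an attribute of SSLHostConfig, not of Certificate. Once it is set,
     defaultSSLHostConfigName on the Connector must name it, because the default
     value _default_ would no longer match any SSLHostConfig. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true"
           defaultSSLHostConfigName="someexample.com">
    <SSLHostConfig hostName="someexample.com">
        <Certificate certificateFile="/etc/letsencrypt/live/cert.pem"
                     certificateKeyFile="/etc/letsencrypt/live/privkey.pem"
                     certificateChainFile="/etc/letsencrypt/live/chain.pem" />
    </SSLHostConfig>
</Connector>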

Note that we need to add the same SSL certificate in nginx too. I edited the nginx.conf file:

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    # someexample.com
    server {
        # The "ssl" parameter of listen replaces the deprecated "ssl on;" directive
        listen   443 ssl;
        # fullchain.pem holds the leaf certificate plus intermediates, so clients
        # can build the chain; cert.pem alone holds only the leaf certificate
        ssl_certificate    /etc/letsencrypt/live/someexample.com/fullchain.pem;
        ssl_certificate_key    /etc/letsencrypt/live/someexample.com/privkey.pem;
        server_name someexample.com;
        location / {
            root   html;
            index  index.html;
        }
        # TLSv1.1 is deprecated; allow only TLSv1.2 and TLSv1.3
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256;
    }
    # Redirect plain HTTP to HTTPS, keeping the requested path and query string
    server {
        listen 80;
        server_name www.someexample.com someexample.com;
        return 301 https://someexample.com$request_uri;
    }
}
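
An added example, not part of the original answer: a small linter for the TLS settings of an nginx config such as the one above. It flags the deprecated `ssl on;` switch, protocol versions older than TLSv1.2, a leaf-only `cert.pem` (assuming certbot's file layout, where `fullchain.pem` carries the intermediates), and an HTTPS redirect that drops the request path. The sample config, function names and finding ids are constructed for illustration.

```python
import re

# Constructed sample config (not from a real deployment) carrying the four
# settings this linter flags.
SAMPLE_CONF = """
server {
    listen 443;
    ssl on;  # deprecated switch
    ssl_certificate     /etc/letsencrypt/live/someexample.com/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/someexample.com/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2;
}
server {
    listen 80;
    return 301 https://someexample.com;
}
"""

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def directives(conf):
    """Yield (name, args) for every simple `name arg ...;` directive."""
    text = re.sub(r"#[^\n]*", "", conf)        # drop comments
    for stmt in re.split(r"[;{}]", text):      # block headers are yielded too, unused
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]

def lint(conf):
    """Return finding ids in the order the directives appear."""
    findings = []
    for name, args in directives(conf):
        if name == "ssl" and args == ["on"]:
            # replaced by the `ssl` parameter of `listen`
            findings.append("ssl-on-deprecated")
        elif name == "ssl_protocols":
            findings += [f"weak-protocol:{p}" for p in args if p in WEAK_PROTOCOLS]
        elif name == "ssl_certificate" and args and args[0].endswith("/cert.pem"):
            # assumption: certbot layout, where cert.pem has no intermediates
            findings.append("leaf-only-certificate")
        elif (name == "return" and len(args) == 2
              and args[1].startswith("https://") and "$request_uri" not in args[1]):
            findings.append("redirect-drops-path")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF):
        print(finding)
```
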
