HTTPS on Rest architecture

Asked

Viewed 87 times

3

I have a web service written using Springboot that runs on Tomcat and a client application written in Angularjs that runs on Apache2. I would like to know how the SSL issue works for this case. Should SSL be configured in Tomcat and Apache2? If so, can I use the same certificate (both applications are on the same host)? My need is beyond the security itself to have the site on HTTPS. Thank you very much in advance.

  • Quick question - is there any reason for you to separate the two applications? You can add or SPA application files as static/public features in Springboot, no?

  • I can, but thinking of a more scalable architecture for future things in my case should be separated the two applications.

1 answer

3


Yes, you can use the same certificate, provided that:

  • Using a domain certificate (*.dominio.com.br), which is generally not recommended for safety reasons, or
  • A certificate with list of multiple alternative target names - Multiple Subject Alternative Names, or Multiple SAN - (api.dominio.com.br and app.dominio.com.br, for example): inserir a descrição da imagem aqui
    https://www.digicert.com/subject-alternative-name.htm

You will also need to take CORS into consideration, as communication will occur between sub-domains.

  • Thank you so much for the answer. Would you have any example or documentation about this use case? In my research I found nothing similar.

  • @Daniloandrade I have nothing at hand at the moment, but added an image and reference link to Sans.

  • 1

    Thank you very much. You’ve helped so much!

  • @Always a pleasure to help!

Browser other questions tagged

You are not signed in. Login or sign up in order to post.