https

Creating a certificate with keytool

  1. keytool is an executable shipped with the JDK, at Program Files\Java\jdk1.8.0_201\bin\keytool.exe

  2. keytool -genkey -alias tomcat -keyalg RSA -keystore D:\learn.keystore

    • Run it from the directory containing keytool.exe (or put that bin directory on PATH).

    • -keystore sets where the keystore file is written. Writing straight to C:\ may fail for lack of permission.

    • -genkey is the older spelling of -genkeypair: it creates an RSA key pair and a self-signed certificate, not a certificate issued by a CA. Everything not given on the command line takes keytool's default: a 2048-bit key, 90 days of validity (-validity), and no subjectAltName. Browsers and Java clients match the hostname against the subjectAltName, not the CN, so for a certificate that is meant to be checked add -ext SAN=dns:localhost; adding -storetype PKCS12 avoids the JKS warning shown below.

PS Program Files\Java\jdk1.8.0_201\bin> keytool -genkey -alias tomcat -keyalg RSA -keystore D:\learn.keystore
Enter keystore password: 123456
Re-enter new password: 123456
What is your first and last name?
  [Unknown]:
What is the name of your organizational unit?
  [Unknown]:
What is the name of your organization?
  [Unknown]:
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  y

Enter key password for <tomcat>
        (RETURN if same as keystore password):

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore D:\learn.keystore -destkeystore D:\learn.keystore -deststoretype pkcs12".
  3. The file now at the given location (D:\learn.keystore) is a keystore, not a bare certificate: it holds the private key under the alias tomcat together with its self-signed certificate. The 123456 shown after the password prompts above is the value that was typed; keytool does not echo it. Pressing RETURN at the key-password prompt makes the key password the same as the store password, which is what the Spring Boot settings below rely on.
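Before wiring the keystore into Spring Boot it is worth checking that it contains what the server needs: a private-key entry under the expected alias, a key of sensible size, a certificate that is currently valid, and a subjectAltName for the host the URL will use. The following program is an added example written for this page, not code from the original post or from keytool; it uses only standard JDK APIs and assumes the keystore, password and alias produced by the command above (the hostname argument is whatever you will type in the browser, e.g. localhost).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;

/**
 * Pre-flight check of a keystore before it is wired into server.ssl.*.
 * Usage: java KeystoreCheck <keystore> <JKS|PKCS12> <password> <alias> <hostname>
 *        java KeystoreCheck D:\learn.keystore JKS 123456 tomcat localhost
 */
public class KeystoreCheck {

    /** Returns the problems found; an empty list means the store is usable for <hostname>. */
    static List<String> check(KeyStore ks, String alias, char[] keyPassword, String hostname) throws Exception {
        List<String> problems = new ArrayList<>();

        // Spring Boot looks up server.ssl.key-alias in the store; it must be a private-key entry.
        if (!ks.isKeyEntry(alias)) {
            problems.add("alias '" + alias + "' is not a private-key entry; available: " + Collections.list(ks.aliases()));
            return problems;
        }
        // Throws UnrecoverableKeyException if the key password is not the one given
        // (keytool made it equal to the store password when RETURN was pressed).
        ks.getKey(alias, keyPassword);

        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);

        // Key strength: 2048-bit RSA is the keytool default and the minimum accepted by public CAs.
        if (cert.getPublicKey() instanceof RSAPublicKey) {
            int bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength();
            if (bits < 2048) problems.add("RSA key is only " + bits + " bits");
        } else {
            problems.add("unexpected key algorithm " + cert.getPublicKey().getAlgorithm() + " (expected RSA)");
        }

        // Validity window: keytool's default -validity is 90 days, so this check fails quietly later.
        try {
            cert.checkValidity();
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            problems.add("certificate not currently valid: " + e.getMessage());
        }

        // Self-signed (issuer == subject): clients must be told to trust this exact certificate.
        if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            System.out.println("note: certificate is self-signed (" + cert.getSubjectX500Principal() + ")");
        }

        // Hostname: TLS clients match the host against subjectAltName dNSName entries (type 2), not the CN.
        boolean nameMatches = false;
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null when the extension is absent
        if (sans != null) {
            for (List<?> san : sans) {
                if (Integer.valueOf(2).equals(san.get(0)) && hostname.equalsIgnoreCase(String.valueOf(san.get(1)))) {
                    nameMatches = true;
                }
            }
        }
        if (!nameMatches) {
            problems.add("no subjectAltName dNSName for '" + hostname + "' (regenerate with -ext SAN=dns:" + hostname + ")");
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 5) {
            System.err.println("usage: KeystoreCheck <keystore> <JKS|PKCS12> <password> <alias> <hostname>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(args[1]);
        char[] password = args[2].toCharArray();
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password); // a wrong store password or wrong store type fails here with an IOException
        }
        List<String> problems = check(ks, args[3], password, args[4]);
        for (String p : problems) System.out.println("FAIL " + p);
        if (problems.isEmpty()) System.out.println("OK " + args[0] + " is ready for server.ssl.key-alias=" + args[3]);
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```

Run against the keystore exactly as the post creates it, the check reports the missing subjectAltName: the store works for the "click Proceed" flow later on this page, but any client that actually validates the certificate (a Java HttpsURLConnection, curl, a reverse proxy) will reject it until it is regenerated with -ext SAN=dns:localhost.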

Adding the certificate to Spring Boot

  1. Copy the keystore into the config folder next to the application (Spring Boot reads ./config/application.properties from the working directory).
  2. Edit application.properties in the config folder:

    # resolved as a file path relative to the directory the application is started from
    server.ssl.key-store=./config/learn.keystore
    # store password in clear text: keep this file out of source control, or override the value
    # from the environment (SERVER_SSL_KEY_STORE_PASSWORD) or a ${...} placeholder
    server.ssl.key-store-password=123456
    # use PKCS12 instead if the store was migrated as keytool's warning suggests
    server.ssl.key-store-type=JKS

    # must match the -alias given to keytool
    server.ssl.key-alias=tomcat
    server.ssl.enabled=true
    # server.port (default 8080) is the port this TLS connector listens on; the URLs later on
    # this page assume it has been set to 9999 (or 443 for the redirect example)

Using the certificate in Spring Boot

Configure it in the application class:

1. Spring Boot 2.x form

The CONFIDENTIAL user-data constraint on /* tells Tomcat that every request must arrive over a secure transport. With only the TLS connector from application.properties it changes nothing (every request is already TLS); it is what makes Tomcat redirect plain HTTP once a second, non-TLS connector is added in the next step.

import org.apache.catalina.Context;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;

@SpringBootApplication
public class HttpsApplication {

    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // CONFIDENTIAL: requests matching the collection must come in over a secure
                // transport; Tomcat redirects non-TLS requests to the connector's redirectPort
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*"); // apply to every URL
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        return tomcat;
    }

    public static void main(String[] args) {
        SpringApplication.run(HttpsApplication.class, args);
    }
}

If you want to type an http:// URL and be sent automatically to the https:// URL, add a second, plain-HTTP connector as shown below.

Entering http://localhost:9999/user in the browser then redirects to https://localhost/user. This assumes the TLS connector itself listens on 443 (server.port=443): the redirect goes to the connector's redirectPort, which must be the port the TLS connector actually uses, otherwise the browser is sent to a port nothing listens on.

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;

@SpringBootApplication
public class HttpsApplication {

    @Bean
    public Connector connector() { // extra plain-HTTP connector whose only job is to redirect
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");       // plain HTTP
        connector.setPort(9999);           // port used in the http:// URL
        connector.setSecure(false);        // not TLS, so the CONFIDENTIAL constraint fires
        connector.setRedirectPort(443);    // port of the TLS connector; must equal server.port
        return connector;
    }

    @Bean
    public TomcatServletWebServerFactory servletContainer(Connector connector) {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(connector); // register the redirect connector
        return tomcat;
    }

    public static void main(String[] args) {
        SpringApplication.run(HttpsApplication.class, args);
    }

}

2. Spring Boot 1.x (pre-2.0) form

import org.apache.catalina.Context;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;

@Bean
public EmbeddedServletContainerFactory servletContainer() {
    // same constraint as the 2.x version; only the factory class names differ (Tomcat 8+ packages)
    TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL"); // require a secure transport
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    };
    // a redirect connector is attached the same way: tomcat.addAdditionalTomcatConnectors(connector)
    return tomcat;
}

Accessing over HTTPS

With only the TLS connector configured (server.port=9999, no redirect connector), a plain-HTTP request to http://localhost:9999/user is answered with:

Bad Request
This combination of host and port requires TLS.

That is Tomcat's 400 response to a non-TLS request arriving on a TLS-enabled connector. It is not the redirect described above, which only happens when the separate http connector is registered.

Use https://localhost:9999/user instead.

If the browser warns that the connection is not secure, click "Proceed" / "Continue to site". The warning is expected: the certificate is self-signed, so no CA the browser trusts vouches for it, and its subject (CN=Unknown, no subjectAltName) does not name localhost, so the browser cannot verify the server's identity. Clicking through is acceptable on a development machine only. For anything shared or production-facing, use a CA-issued certificate, or export the self-signed certificate (keytool -exportcert) and import it into the client's trust store, rather than training users to click past the warning.
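Both behaviours this page describes can be verified from code instead of by eye: the plain-HTTP connector above must answer with a redirect to an https:// URL, and the HTTPS endpoint should be reachable with certificate validation left switched on, by trusting the specific self-signed certificate rather than clicking "Proceed". The following program is an added example for this page, not code from the original post or from Spring Boot. It assumes the URLs used in the text and a trust store built from the server certificate with keytool -exportcert -alias tomcat -keystore D:\learn.keystore -file tomcat.cer followed by keytool -importcert -alias tomcat -file tomcat.cer -keystore truststore.p12 -storetype PKCS12 (the file names truststore.p12 and tomcat.cer are choices made here, not from the page). Passing the server keystore itself as the trust store also works, since the trust manager takes the certificate from the key entry, but it hands the private key to the client, so the exported copy is preferred.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/**
 * Smoke test for an HTTPS-only Spring Boot/Tomcat setup:
 *   1. plain HTTP on the redirect connector must answer with a redirect to an https:// URL;
 *   2. the HTTPS endpoint must be reachable with certificate validation ON, by trusting
 *      the exported self-signed certificate instead of disabling checks.
 * Usage: java HttpsSmokeTest http://localhost:9999/user https://localhost/user truststore.p12 PKCS12 changeit
 */
public class HttpsSmokeTest {

    /** One GET without following redirects; returns the Location header, or null if no redirect came back. */
    static String redirectTarget(String httpUrl) throws Exception {
        HttpURLConnection c = (HttpURLConnection) new URL(httpUrl).openConnection();
        c.setInstanceFollowRedirects(false); // inspect the 302 rather than follow it
        c.setRequestMethod("GET");
        int code = c.getResponseCode();
        String location = c.getHeaderField("Location");
        c.disconnect();
        return (code >= 300 && code < 400) ? location : null;
    }

    /** SSLContext that trusts only the certificates in the given store (here: the exported self-signed cert). */
    static SSLContext trustOnly(String trustStorePath, String storeType, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance(storeType);
        try (InputStream in = new FileInputStream(trustStorePath)) {
            ts.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key material, our trust managers, default RNG
        return ctx;
    }

    /** GET over TLS with the given trust; the default HostnameVerifier is deliberately left in place. */
    static int statusOverTls(String httpsUrl, SSLContext ctx) throws Exception {
        HttpsURLConnection c = (HttpsURLConnection) new URL(httpsUrl).openConnection();
        c.setSSLSocketFactory(ctx.getSocketFactory());
        // SSLHandshakeException here means the cert is not in the trust store or does not name the host
        int code = c.getResponseCode();
        c.disconnect();
        return code;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 5) {
            System.err.println("usage: HttpsSmokeTest <http-url> <https-url> <truststore> <JKS|PKCS12> <password>");
            System.exit(2);
        }
        String location = redirectTarget(args[0]);
        boolean redirectOk = location != null && location.startsWith("https://");
        System.out.println((redirectOk ? "OK   " : "FAIL ") + args[0] + " -> " + location);

        SSLContext ctx = trustOnly(args[2], args[3], args[4].toCharArray());
        int status = statusOverTls(args[1], ctx);
        // any HTTP status, even 404, proves the handshake and certificate validation succeeded
        System.out.println("OK   " + args[1] + " answered " + status + " over validated TLS");
        System.exit(redirectOk ? 0 : 1);
    }
}
```

With the certificate exactly as generated on this page (CN=Unknown, no subjectAltName) the second step fails in the handshake with "No name matching localhost found": unlike the browser, the JDK offers no "Proceed" button, and the right fix is to regenerate the certificate with -ext SAN=dns:localhost rather than to replace the hostname verifier. The same trust store can be applied JVM-wide with -Djavax.net.ssl.trustStore=truststore.p12 -Djavax.net.ssl.trustStorePassword=... instead of building the SSLContext by hand.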

-------------Keep It Simple Stupid-------------