Java

spring-boot中使用https

Posted by PanMin on June 6, 2017

spring-boot中使用https

获取ssl证书

两张获取方式:

  • 自己通过keytool生成

    keytool在jdk的bin目录下

keytool -genkey -alias tomcat  -storetype PKCS12 -keyalg RSA -keysize 2048  -keystore keystore.p12 -validity 3650

Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]:
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
[no]: yes

这样就会生成一个PKCS12格式的叫做keystore.p12的证书。

  • 通过证书授权机构证书

    可以使用阿里云盾的免费证书:https://www.aliyun.com/product/cas

购买后, 会有邮件发到注册邮箱来认证的. 当然, 这里要注意这个免费的证书只能用在一个域名下。

证书在spring-boot配置

  • 自己通过keytool生成的keystore.p12文件放在项目根目录下 在application.properties中配置HTTPS: 
    server.port: 8443
server.ssl.key-store: classpath:keystore.p12
server.ssl.key-store-password: 123456 #生成ssl时的密码
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: tomcat
  • 在阿里云盾申请的免费证书下载下来是pfx格式的,放在resources目录下和application.properties并列。 在application.properties中配置HTTPS: 
    server.ssl.key-store=classpath:1111111.pfx
server.ssl.key-store-password=1111111
server.ssl.keyStoreType=PKCS12

    因为是生产环境, 需要做 http 自动转到 https. 所以这里不配置端口号.

http重定向到https

在spring-boot的Application启动类中添加以下代码:

 @Bean
  public EmbeddedServletContainerFactory servletContainer() {

    TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {

        @Override
        protected void postProcessContext(Context context) {

          SecurityConstraint securityConstraint = new SecurityConstraint();
          securityConstraint.setUserConstraint("CONFIDENTIAL");
          SecurityCollection collection = new SecurityCollection();
          collection.addPattern("/*");
          securityConstraint.addCollection(collection);
          context.addConstraint(securityConstraint);
        }
    };
    tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
    return tomcat;
  }

  private Connector initiateHttpConnector() {

    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    connector.setScheme("http");
    connector.setPort(8080);
    connector.setSecure(false);
    connector.setRedirectPort(8443);
    return connector;
  }
CATALOG
    FEATURED TAGS
    node.js Java Android 数据库 mongodb 读书 html redis 反思 vue