Configuring an SSL Certificate in Spring Boot
1. Apply for an SSL certificate
After downloading and unzipping you get the following four files: *.key (private key file), *.pem, *.pfx (PFX-format certificate), *.txt (password file)
2. Package a JKS file with the JDK certificate management tool keytool.exe
(1) Open CMD and change into the bin directory of the JDK installation, e.g. cd D:\Program Files\Java\jdk1.8.0_131\bin:
(2) Run the following packaging command
C:\Users\Administrator\Desktop\ssl\20200427.pfx must be replaced with the path to your own SSL .pfx certificate file;
20200427.jks is the name you choose for the JKS file;
keytool -importkeystore -srckeystore C:\Users\Administrator\Desktop\ssl\20200427.pfx -destkeystore 20200427.jks -srcstoretype PKCS12 -deststoretype JKS
(3) Enter the password three times (all three are the same; the password is the one in the *.txt file)
If you see output like the screenshot above, the JKS file was packaged successfully; note the alias shown there (alias).
(4) Find the JKS file in the JDK bin directory
Copy the 20200427.jks file into the same directory as the project's application.properties or application.yml.
3. Edit the Spring Boot configuration file application.properties or application.yml
This example uses application.yml:
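The tutorial relies on a screenshot to show the alias that keytool assigned, and the screenshot is not reproduced here. The following program is an added example (not part of the original tutorial) that does the same job from Java: it loads the keystore, lists every alias, and checks that the alias you intend to put into server.ssl.key-alias carries a private key with a currently valid certificate. The environment variable name SSL_KEYSTORE_PASSWORD and the command-line arguments are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;

/**
 * Lists the aliases in a JKS or PKCS12 keystore and verifies that one alias is usable
 * as the Tomcat server key (private key entry + valid certificate chain).
 *
 * Usage:   java KeystoreCheck <keystore-file> <JKS|PKCS12> <alias-to-check>
 * The keystore password is read from SSL_KEYSTORE_PASSWORD (assumed variable name)
 * so that it never appears in the shell history.
 */
public class KeystoreCheck {

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: KeystoreCheck <keystore-file> <JKS|PKCS12> <alias>");
            System.exit(2);
        }
        String password = System.getenv("SSL_KEYSTORE_PASSWORD");
        if (password == null || password.isEmpty()) {
            System.err.println("SSL_KEYSTORE_PASSWORD is not set");
            System.exit(2);
        }

        // args[1] is the store type, e.g. JKS for the file produced by keytool -importkeystore
        // or PKCS12 for the original .pfx from the certificate vendor.
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password.toCharArray());
        }

        // Print every alias so the exact value for server.ssl.key-alias can be copied.
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println("alias: " + alias
                    + (ks.isKeyEntry(alias) ? " (private key entry)" : " (trusted certificate only)"));
        }

        String alias = args[2];
        if (!ks.isKeyEntry(alias)) {
            // A trusted-certificate entry has no private key, so Tomcat cannot terminate TLS with it.
            System.err.println("alias '" + alias + "' has no private key; Tomcat cannot use it for TLS");
            System.exit(1);
        }

        Certificate[] chain = ks.getCertificateChain(alias);
        X509Certificate leaf = (X509Certificate) chain[0];
        System.out.println("subject:      " + leaf.getSubjectX500Principal());
        System.out.println("issuer:       " + leaf.getIssuerX500Principal());
        System.out.println("valid until:  " + leaf.getNotAfter());
        System.out.println("chain length: " + chain.length);

        // An expired (or not-yet-valid) certificate lets the server start, but every
        // client will reject the handshake, so catch it here rather than in production.
        try {
            leaf.checkValidity();
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            System.err.println("certificate for alias '" + alias + "' is not valid now: " + e.getMessage());
            System.exit(1);
        }
        System.out.println("OK: alias '" + alias + "' is usable for server.ssl.key-alias");
    }
}
```

Run it against both the original .pfx (type PKCS12) and the converted .jks to confirm that the conversion preserved the private key and the full chain; a chain length of 1 usually means the intermediate CA certificate was not included and browsers may report the site as untrusted.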
server:
  # HTTPS port, 443
  port: 443
  ssl:
    # Path to the SSL certificate; the classpath: prefix is required
    key-store: classpath:20200427.jks
    # SSL certificate password
    key-store-password: WQXLFRGHT
    # Certificate type
    key-store-type: JKS
    # Certificate alias
    key-alias: alias
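The configuration above commits the keystore password in plaintext together with the keystore, so anyone with read access to the repository or the packaged jar can extract the private key. The following application.yml is an added example (not from the original tutorial) of the same settings with the password supplied from the environment through a standard Spring property placeholder, and with the offered TLS versions restricted. The variable name SSL_KEYSTORE_PASSWORD is an assumption.

```yaml
server:
  port: 443
  ssl:
    key-store: classpath:20200427.jks
    # Resolved at startup from the SSL_KEYSTORE_PASSWORD environment variable (assumed name);
    # the password no longer lives in the repository or in the built jar.
    key-store-password: ${SSL_KEYSTORE_PASSWORD}
    key-store-type: JKS
    key-alias: alias
    # Only offer current protocol versions; TLS 1.0 and 1.1 are not negotiated.
    enabled-protocols: TLSv1.2,TLSv1.3
```

Start the service with the variable set (for example `SSL_KEYSTORE_PASSWORD=... java -jar app.jar`). If the placeholder is unresolved the application fails at startup rather than silently running without TLS. On a JDK that does not support TLS 1.3 list only TLSv1.2; otherwise Tomcat refuses to start the connector.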
4. Create a configuration class HttpsConfig
(1) Support both HTTPS and HTTP at the same time
Spring Boot 1.5 code:
import org.apache.catalina.connector.Connector;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class HttpsConfig {

    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory();
        // Add a plain-HTTP connector next to the HTTPS connector configured in application.yml
        tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
        return tomcat;
    }

    private Connector initiateHttpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        // Port the HTTP connector listens on
        connector.setPort(8101);
        return connector;
    }
}
Spring Boot 2.0 code:
import org.apache.catalina.connector.Connector;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class HttpsConfig {

    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
        // Add a plain-HTTP connector next to the HTTPS connector configured in application.yml
        tomcat.addAdditionalTomcatConnectors(httpConnector());
        return tomcat;
    }

    @Bean
    public Connector httpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        // Port the HTTP connector listens on
        connector.setPort(8101);
        return connector;
    }
}
(2) Automatically redirect HTTP requests to HTTPS
Spring Boot 1.5 code:
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class HttpsConfig {

    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // CONFIDENTIAL requires every matching request to arrive over TLS;
                // plain-HTTP requests are redirected to the connector's redirect port
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
        return tomcat;
    }

    private Connector initiateHttpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        // Port the HTTP connector listens on
        connector.setPort(8101);
        connector.setSecure(false);
        // HTTPS port that requests received on the HTTP port are redirected to
        connector.setRedirectPort(443);
        return connector;
    }
}
Spring Boot 2.0 code:
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class HttpsConfig {

    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // CONFIDENTIAL requires every matching request to arrive over TLS;
                // plain-HTTP requests are redirected to the connector's redirect port
                SecurityConstraint constraint = new SecurityConstraint();
                constraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                constraint.addCollection(collection);
                context.addConstraint(constraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(httpConnector());
        return tomcat;
    }

    private Connector httpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        // Port the HTTP connector listens on
        connector.setPort(8101);
        connector.setSecure(false);
        // HTTPS port that requests received on the HTTP port are redirected to
        connector.setRedirectPort(443);
        return connector;
    }
}
5. Start the Spring Boot service
If you see log output like the following, the configuration was applied successfully; 443 is the HTTPS port and 8101 is the HTTP port:
Visit the address to test:
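Opening the address in a browser confirms that the page loads, but not that the HTTP connector really redirects or which certificate the server actually presents. The following program is an added example (not part of the original tutorial) that performs both checks against the running service from section 4 (2): it requests the plain-HTTP port with redirects disabled and expects a 30x response whose Location starts with https://, then performs a TLS handshake on the HTTPS port and prints the negotiated cipher suite and the server certificate. The host name, ports and paths are assumptions; adjust them to your deployment.

```java
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;

/**
 * Smoke test for the two-connector setup: the HTTP connector must redirect to https,
 * and the HTTPS connector must present a certificate the JVM's default trust store accepts.
 * Host and ports are assumed values matching the tutorial; change HOST to the name on the
 * certificate, because host-name verification is deliberately left enabled.
 */
public class HttpsSmokeTest {

    static final String HOST = "localhost"; // assumed; use the DNS name the certificate was issued for
    static final int HTTP_PORT = 8101;      // HTTP connector port from HttpsConfig
    static final int HTTPS_PORT = 443;      // HTTPS port from application.yml
    static final int TIMEOUT_MS = 3000;

    /** Requests the HTTP port without following redirects and returns the Location header. */
    static String checkHttpRedirect() throws Exception {
        URL url = new URL("http://" + HOST + ":" + HTTP_PORT + "/");
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setInstanceFollowRedirects(false); // we want to inspect the redirect itself
        conn.setRequestMethod("GET");
        conn.setConnectTimeout(TIMEOUT_MS);
        conn.setReadTimeout(TIMEOUT_MS);
        int status = conn.getResponseCode();
        String location = conn.getHeaderField("Location");
        conn.disconnect();
        System.out.println("http :" + HTTP_PORT + " -> " + status + " Location: " + location);
        // A 200 here means the CONFIDENTIAL constraint is missing and the app is served in plaintext.
        if (status / 100 != 3 || location == null || !location.startsWith("https://")) {
            throw new IllegalStateException("HTTP connector did not redirect to https");
        }
        return location;
    }

    /** Performs a TLS handshake on the HTTPS port and returns the server certificate subject. */
    static String checkHttps() throws Exception {
        URL url = new URL("https://" + HOST + ":" + HTTPS_PORT + "/");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setConnectTimeout(TIMEOUT_MS);
        conn.setReadTimeout(TIMEOUT_MS);
        // getResponseCode() triggers the handshake; it throws if the chain is untrusted
        // or the host name does not match the certificate.
        int status = conn.getResponseCode();
        Certificate[] chain = conn.getServerCertificates();
        X509Certificate leaf = (X509Certificate) chain[0];
        String subject = leaf.getSubjectX500Principal().getName();
        System.out.println("https:" + HTTPS_PORT + " -> " + status
                + " cipher=" + conn.getCipherSuite()
                + " subject=" + subject
                + " expires=" + leaf.getNotAfter()
                + " chainLength=" + chain.length);
        conn.disconnect();
        return subject;
    }

    public static void main(String[] args) throws Exception {
        checkHttpRedirect();
        checkHttps();
        System.out.println("OK: redirect and TLS handshake both verified");
    }
}
```

If the HTTPS check fails with a host-name or trust error while a browser shows the page as secure, the usual cause is testing via localhost against a certificate issued for the real domain; point HOST at that domain (a hosts-file entry is enough) rather than disabling verification in the client.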