
Java应用--SpringBoot配置SSL证书--JKS格式

SpringBoot配置SSL证书–JKS格式

准备工作

  • 申请证书(免费或购买),下载(证书 + 密钥)
  • 域名解析
  • springboot项目
  1. 将证书放到项目的 resources/ssl 目录下(对应下面配置中的 classpath:ssl/)
  2. 添加配置
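# Enable TLS on the embedded server
server.ssl.enabled=true
# Keystore location, loaded as a classpath resource under ssl/.
# A keystore on the classpath is packaged into the application jar, so anyone
# holding the artifact also holds the key file; the passwords below are then
# its only protection.
server.ssl.key-store=classpath:ssl/sd.totoadventuregroup.cn.jks
# Password of the private-key entry inside the keystore.
# Resolved from the environment at startup instead of being written here, so
# the secret never lands in version control or in the packaged jar.
# (SSL_KEY_PASSWORD is an example variable name; use your own.)
server.ssl.key-password=${SSL_KEY_PASSWORD}
# Password of the keystore file itself; injected the same way.
# (SSL_KEY_STORE_PASSWORD is an example variable name; use your own.)
# A password that has ever been committed or published should be treated as
# exposed: change it and consider re-issuing the certificate key.
server.ssl.key-store-password=${SSL_KEY_STORE_PASSWORD}
# Keystore format
server.ssl.key-store-type=JKS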
  1. 测试:通过 https 可以正常访问,说明证书配置成功;通过 http 则无法访问(提示 TLS 相关错误)

  2. http 转 https:http 端口只能配置为与 https 不同的端口;当 http-port 与 server.port 相同时会提示端口被占用

>package com.example.sdresult.config;

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * HTTPS configuration: every request that arrives over plain HTTP is sent on to HTTPS.
 *
 * <p>Security note: the redirect is only issued after a request has already arrived over
 * HTTP, so whatever that first request carried travelled unencrypted. Sending a
 * {@code Strict-Transport-Security} header from the HTTPS side and marking session cookies
 * {@code Secure} limits that exposure.
 *
 * @author Jacob
 */
@Configuration
public class HttpsConfig {

    /** Port for the additional plain-HTTP connector; {@code custom.http-port}, else 8090. */
    @Value("${custom.http-port: 8090}")
    private Integer httpPort;

    /**
     * Value of {@code server.port}, used below as the redirect target. No fallback value is
     * given in the placeholder, so the property has to be set.
     */
    @Value("${server.port}")
    private Integer port;

    /**
     * Builds the embedded Tomcat factory with a security constraint that covers every URL
     * and registers the extra HTTP connector next to the main one.
     *
     * @return the customised Tomcat factory
     */
    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // Match every path: nothing is meant to be served over plain HTTP.
                SecurityCollection everyPath = new SecurityCollection();
                everyPath.addPattern("/*");

                // The default user constraint is NONE; CONFIDENTIAL demands a secure transport.
                SecurityConstraint httpsOnly = new SecurityConstraint();
                httpsOnly.setUserConstraint("CONFIDENTIAL");
                httpsOnly.addCollection(everyPath);

                context.addConstraint(httpsOnly);
            }
        };
        factory.addAdditionalTomcatConnectors(httpConnector());
        return factory;
    }

    /**
     * Creates the plain-HTTP connector whose only job is to hand requests over to HTTPS.
     *
     * @return httpConnector
     */
    @Bean
    public Connector httpConnector() {
        Connector plainHttp = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        // HTTP port this connector listens on.
        plainHttp.setPort(httpPort);
        plainHttp.setScheme("http");
        plainHttp.setSecure(false);
        // HTTPS port that requests received on the HTTP port are redirected to.
        plainHttp.setRedirectPort(port);
        return plainHttp;
    }
}