自签证书
openssl生成服务端证书,不使用CA证书直接生成
# 1、创建服务器私钥,命令会让你输入一个口令:
openssl genrsa -des3 -out server.key 1024
# 2、创建签名请求的证书(CSR):
openssl req -new -key server.key -out server.csr
# 3、在加载SSL支持的Nginx并使用上述私钥时除去必须的口令:
cp server.key server.key.orgopenssl rsa -in server.key.org -out server.key
# 4、最后标记证书使用上述私钥和CSR:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# 5、server证书转换成keystore文件:
openssl pkcs12 -export -in server.crt -inkey server.key -out keystore.p12 -name tomcat
配置properties
把keystore.p12文件放到resources中
配置application.properties文件
1
2
3
4
5
6
| ##同时支持http和https
server.port:8443
server.ssl.key-store: classpath:keystore.p12
server.ssl.key-store-password: 123456
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: tomcat
|
配置HTTP端口
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
| package com.woniu.learnhttps.config;
import org.apache.catalina.connector.Connector;
import org.springframework.boot.context.embedded.ConfigurableEmbeddedServletContainer;
import org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* created by woniu201
* created in 2018/5/4
*/
@Configuration
public class MultiConnectionSupport {
@Bean
public EmbeddedServletContainerCustomizer containerCustomizer() {
return new EmbeddedServletContainerCustomizer() {
@Override
public void customize(ConfigurableEmbeddedServletContainer container) {
if (container instanceof TomcatEmbeddedServletContainerFactory) {
TomcatEmbeddedServletContainerFactory containerFactory =
(TomcatEmbeddedServletContainerFactory) container;
Connector connector = new Connector(TomcatEmbeddedServletContainerFactory.DEFAULT_PROTOCOL);
connector.setPort(8080);
containerFactory.addAdditionalTomcatConnectors(connector);
}
}
};
}
}
|
HTTP端口是8080,HTTPS端口是8443
