Self-signed certificate
Generate the server certificate directly with openssl, without signing it with a CA certificate
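# 1. Create the server private key; the command prompts you for a passphrase
#    (2048 bits here, because 1024-bit RSA is no longer considered secure):
openssl genrsa -des3 -out server.key 2048
# 2. Create the certificate signing request (CSR):
openssl req -new -key server.key -out server.csr
# 3. Strip the passphrase that would otherwise be required every time SSL-enabled Nginx loads this private key:
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
# 4. Finally, sign the certificate with the private key and CSR from above:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# 5. Convert the server certificate into a keystore file
#    (the export password entered here is the value of server.ssl.key-store-password below):
openssl pkcs12 -export -in server.crt -inkey server.key -out keystore.p12 -name tomcat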
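The five steps above as a non-interactive script with checks on the result, added here as an example and not part of the original post. It assumes CN=localhost, a hypothetical KS_PASS environment variable for the passphrase and hypothetical function names, and it confirms that the certificate matches the key, is self-issued, and that keystore.p12 opens with the password and carries the alias tomcat that server.ssl.keyAlias expects.

```shell
#!/bin/sh
# Added example (not from the original page). Assumed names: the functions,
# CN=localhost, and the KS_PASS variable used to pass the passphrase.

make_selfsigned() {   # $1 = output dir, $2 = key passphrase / keystore password
    ( cd "$1" || exit 1
      export KS_PASS="$2"   # env: keeps the secret out of the process list
      openssl genrsa -des3 -passout env:KS_PASS -out server.key 2048 &&
      openssl req -new -key server.key -passin env:KS_PASS \
              -subj "/CN=localhost" -out server.csr &&
      cp server.key server.key.org &&
      openssl rsa -in server.key.org -passin env:KS_PASS -out server.key &&
      openssl x509 -req -days 365 -in server.csr -signkey server.key \
              -out server.crt &&
      openssl pkcs12 -export -in server.crt -inkey server.key \
              -out keystore.p12 -name tomcat -passout env:KS_PASS )
}

check_pair() {        # $1 = dir: certificate and private key share one modulus
    k=$(openssl rsa  -in "$1/server.key" -noout -modulus) || return 1
    c=$(openssl x509 -in "$1/server.crt" -noout -modulus) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

check_selfsigned() {  # $1 = dir: issuer equals subject, no CA is involved
    i=$(openssl x509 -in "$1/server.crt" -noout -issuer)  || return 1
    s=$(openssl x509 -in "$1/server.crt" -noout -subject) || return 1
    [ "${i#issuer=}" = "${s#subject=}" ]
}

check_keystore() {    # $1 = dir, $2 = password: opens and holds alias "tomcat"
    KS_PASS="$2" openssl pkcs12 -in "$1/keystore.p12" -passin env:KS_PASS \
        -nokeys 2>/dev/null | grep -q 'friendlyName: tomcat'
}

# Usage: d=$(mktemp -d); make_selfsigned "$d" "$PASSWORD" && check_pair "$d" \
#        && check_selfsigned "$d" && check_keystore "$d" "$PASSWORD"
```

A failing check_keystore is the same condition that stops Spring Boot from loading the keystore at startup: a wrong password or a missing alias.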
Configure properties
Put the keystore.p12 file in resources
Configure the application.properties file
## Support both HTTP and HTTPS
server.port:8443
server.ssl.key-store: classpath:keystore.p12
server.ssl.key-store-password: 123456
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: tomcat
Configure the HTTP port
package com.woniu.learnhttps.config;

import org.apache.catalina.connector.Connector;
import org.springframework.boot.context.embedded.ConfigurableEmbeddedServletContainer;
import org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * created by woniu201
 * created in 2018/5/4
 */
@Configuration
public class MultiConnectionSupport {

    @Bean
    public EmbeddedServletContainerCustomizer containerCustomizer() {
        return new EmbeddedServletContainerCustomizer() {
            @Override
            public void customize(ConfigurableEmbeddedServletContainer container) {
                if (container instanceof TomcatEmbeddedServletContainerFactory) {
                    TomcatEmbeddedServletContainerFactory containerFactory =
                            (TomcatEmbeddedServletContainerFactory) container;
                    // Additional plain-HTTP connector; HTTPS stays on server.port (8443)
                    Connector connector = new Connector(TomcatEmbeddedServletContainerFactory.DEFAULT_PROTOCOL);
                    connector.setPort(8080);
                    containerFactory.addAdditionalTomcatConnectors(connector);
                }
            }
        };
    }
}
The HTTP port is 8080 and the HTTPS port is 8443