Spring Boot 2 使用 SSL 证书
使用命令生成证书
# Generate a 2048-bit RSA key pair with a self-signed certificate, valid for
# 365 days, under the alias "tomcat" in ./tomcat.keystore. No -storetype is
# given, so the keystore format is whatever the installed JDK defaults to.
# NOTE(review): the configuration shown on this page only references
# client.p12; tomcat.keystore is not used by it.
# 12345678 is a demo password. Passwords passed as arguments end up in the
# shell history and the process list; for a real deployment omit
# -keypass/-storepass (keytool then prompts for them) and choose a strong value.
keytool -genkey -alias tomcat -keypass 12345678 -keyalg RSA -keysize 2048 -validity 365 -keystore ./tomcat.keystore -storepass 12345678
# Same key parameters, alias "client", written as a PKCS12 keystore to
# ./client.p12. This is the file that server.ssl.key-store points at.
# A self-signed certificate is not trusted by browsers or HTTP clients by
# default; it is suitable for local testing only.
keytool -genkey -alias client -keypass 12345678 -keyalg RSA -keysize 2048 -validity 365 -storetype PKCS12 -keystore ./client.p12 -storepass 12345678
yml配置
server:
  # Note: this is the port used for HTTPS access.
  port: 8443
  ssl:
    # "file:" with a relative path is resolved against the directory the
    # application is started from, not against the classpath.
    key-store: file:src\main\resources\client.p12
    # Demo value matching the keytool commands on this page. Keep the real
    # password out of version control (environment variable or external config).
    key-store-password: 12345678
    key-store-type: PKCS12
    key-alias: client
# NOTE(review): the configuration class on this page also reads
# connector.http.port and connector.https.port; they are not part of this
# snippet and must be defined for the application to start.
package com.daimeng.interceptor;

import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * SSL certificate setup for the embedded Tomcat: registers an extra plain-HTTP
 * connector and marks every path as requiring a confidential transport, so that
 * requests arriving over HTTP are redirected to the HTTPS port.
 *
 * <p>Keystores used while writing this class were generated with:
 * <pre>
 * tomcat.keystore
 * keytool -genkey -alias tomcat -keypass 12345678 -keyalg RSA -keysize 2048 -validity 365 -keystore ./tomcat.keystore -storepass 12345678
 * client.p12
 * keytool -genkey -alias client -keypass 12345678 -keyalg RSA -keysize 2048 -validity 365 -storetype PKCS12 -keystore ./client.p12 -storepass 12345678
 * </pre>
 * The password in these commands is a demo value.
 *
 * <p>Package: com.daimeng.interceptor. Created 2020-03-21 22:08:40.
 *
 * @author daimeng.fun (sephy9527@qq.com)
 * @version V1.0
 */
@Configuration
public class SSLTomcatServletWebServerFactory {

    /** Port of the additional plain-HTTP connector, read from {@code connector.http.port}. */
    @Value("${connector.http.port}")
    private Integer httpPort;

    /**
     * Port that plain-HTTP requests are redirected to, read from {@code connector.https.port}.
     * NOTE(review): presumably this has to equal {@code server.port}, the port of the TLS
     * connector; confirm against the application configuration.
     */
    @Value("${connector.https.port}")
    private Integer httpsPort;

    /**
     * Builds the servlet container factory.
     *
     * <p>Spring Boot 2 change: the factory type is {@code TomcatServletWebServerFactory};
     * Spring Boot 1 used {@code TomcatEmbeddedServletContainerFactory}.
     *
     * @return a Tomcat factory whose contexts carry a CONFIDENTIAL constraint on {@code /*}
     *     and which has the extra HTTP connector attached
     */
    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // The constraint applies to every URL of the context.
                SecurityCollection everyPath = new SecurityCollection();
                everyPath.addPattern("/*");

                // CONFIDENTIAL: the container must serve these URLs over a secure transport.
                SecurityConstraint requireTls = new SecurityConstraint();
                requireTls.setUserConstraint("CONFIDENTIAL");
                requireTls.addCollection(everyPath);

                context.addConstraint(requireTls);
            }
        };
        factory.addAdditionalTomcatConnectors(initiateHttpConnector());
        return factory;
    }

    /**
     * Creates the plain-HTTP connector that listens on {@code httpPort} and names
     * {@code httpsPort} as its redirect target.
     *
     * <p>The first request still travels unencrypted before the redirect is issued; the
     * redirect by itself does not stop a client from sending data over HTTP.
     *
     * @return the configured, non-secure connector
     */
    private Connector initiateHttpConnector() {
        Connector plainHttp = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        plainHttp.setPort(httpPort);
        plainHttp.setRedirectPort(httpsPort);
        plainHttp.setScheme("http");
        plainHttp.setSecure(false);
        return plainHttp;
    }
}
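把 client.p12 文件放到 src/main/resources 目录下即可。注意：yml 中使用的是 file: 相对路径，它相对于应用的启动目录解析，因此需要从项目根目录启动；打包成 jar 运行时应改用 classpath:client.p12 或绝对路径。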