- 其他相关文章见:个人博客站点:www.val1ant.xin
1. 说明
- 生成证书
- 修改配置文件
- 增加配置类
- 实现HTTP转HTTPS
2. 生成证书
- 获取证书可通过购买,或者本机生成,以下演示本机生成
- 通过
keytool -genkey alias tomcat生成的.keystore已经过时了,不推荐
- 在正确配置完
JDK环境变量的前提下,在任意目录,执行命令
keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
- 按提示填好相关信息……
- 在当前目录下会生成一个
keystore.p12文件,即证书文件
3. 修改配置文件
- 将证书文件复制到
Idea中的项目根目录
- 修改
application.properties文件
# 证书目录
server.ssl.key-store = keystore.p12
#你之前填好的密码
server.ssl.key-store-password= password
server.ssl.keyStoreType= PKCS12
server.ssl.keyAlias: tomcat
4. 增加配置类,包括实现HTTP端口转换HTTPS
package xin.val1ant.ch7.config;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class SSLConfig {
@Bean
public TomcatServletWebServerFactory servletContainer() { //springboot2 新变化
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
return tomcat;
}
private Connector initiateHttpConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(8080);
connector.setSecure(false);
connector.setRedirectPort(8443);
return connector;
}
}
