1.使用jdk自带的 keytool 创建证书
打开cmd窗口,输入如下命令
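REM Generate an RSA key pair with a self-signed certificate under the alias
REM "tomcat" and store it in D:/https.keystore.
REM -keysize 2048: 1024-bit RSA is below current minimum key-size recommendations.
REM 123456 is a demo password. Pick a strong one for real use and set the same
REM value for server.ssl.key-password and server.ssl.key-store-password in
REM application.properties.
keytool -genkey -alias tomcat -keypass 123456 -keyalg RSA -keysize 2048 -validity 3650 -keystore D:/https.keystore -storepass 123456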
然后在命令窗口,按照提示进行操作
如:名字/单位名称/组织名称等等。
2.将keystore文件放到resources目录下,并在application.properties中添加如下配置
# 443 is the default port for HTTPS
server.port=443
# Read by the Http2Https configuration class (via @Value) as the port of the
# additional plain-HTTP connector that redirects to server.port.
server.http-port=9090
server.ssl.enabled=true
# The keystore is loaded from the classpath, i.e. it ships inside the application.
server.ssl.key-store=classpath:https.keystore
server.ssl.key-store-type=JKS
# Must match the -alias given to keytool when the key pair was generated.
server.ssl.key-alias=tomcat
# NOTE(review): these are the demo passwords from the keytool command, kept in
# plaintext. Anyone who can read this file together with the bundled keystore can
# recover the private key; outside a local demo, supply them from outside the
# packaged configuration and use a strong value.
server.ssl.key-password=123456
server.ssl.key-store-password=123456
3、新建配置类用于http跳转至https
/**
 * Registers a plain-HTTP Tomcat connector next to the HTTPS one and has Tomcat
 * redirect every request that arrives over HTTP to the HTTPS port.
 *
 * <p>NOTE(review): the redirect is only sent after a request has already arrived
 * over plain HTTP, so it does not by itself keep clients on HTTPS. Consider also
 * sending an HSTS header from the HTTPS side.
 */
@Configuration
public class Http2Https {

    /** HTTPS port, injected from {@code server.port}. */
    @Value("${server.port}")
    private int sslPort;

    /** Plain-HTTP port, injected from {@code server.http-port}. */
    @Value("${server.http-port}")
    private int httpPort;

    /**
     * Builds the embedded Tomcat factory with a transport-confidentiality
     * constraint on all paths and an extra HTTP connector.
     *
     * @return the customised Tomcat servlet web server factory
     */
    @Bean
    public TomcatServletWebServerFactory servletContainerFactory() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                // The constraint applies to every request path.
                SecurityCollection everyPath = new SecurityCollection();
                everyPath.addPattern("/*");

                // CONFIDENTIAL is the transport guarantee that demands a secure
                // channel. It is what makes Tomcat redirect non-secure requests.
                SecurityConstraint confidentialOnly = new SecurityConstraint();
                confidentialOnly.setUserConstraint("CONFIDENTIAL");
                confidentialOnly.addCollection(everyPath);

                context.addConstraint(confidentialOnly);
            }
        };
        factory.addAdditionalTomcatConnectors(plainHttpConnector());
        return factory;
    }

    /** Creates the HTTP connector whose requests are redirected to the HTTPS port. */
    private Connector plainHttpConnector() {
        Connector http = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        // Scheme assigned to requests received through this connector.
        http.setScheme("http");
        // Marks requests on this connector as not secure. The redirect itself
        // comes from the CONFIDENTIAL constraint combined with the redirect port.
        http.setSecure(false);
        // Listening port; it must not already be in use, or startup fails.
        http.setPort(httpPort);
        // Port that non-SSL requests are redirected to.
        http.setRedirectPort(sslPort);
        return http;
    }
}
4、完成以上操作后,启动程序,可以发现启动信息内有:
Tomcat initialized with port(s): 443 (https) 9090 (http)