We recently built a mini-program and a back-office management system at my company that needed to be deployed to production. Configuring the SSL certificate turned into a series of pitfalls that took quite a while to resolve, and the material online is scattered and incomplete, so I'm writing this up as a note for my own future reference; anyone who needs it is welcome to use it too. Without further ado, let's get started.
1. Prepare the SSL certificate
You can use a free SSL certificate from Alibaba Cloud or Tencent Cloud. The official documentation and plenty of online guides cover how to generate one, so I won't repeat that here; this post focuses on how to configure and use the certificate. I'll use Alibaba Cloud as the example.
2. Put the certificate into the project
Because Spring Boot runs on an embedded Tomcat, use the Tomcat version of the server certificate. Download the Alibaba Cloud certificate and unzip it locally; the archive contains two files: the .pfx is the certificate (keystore) file and the .txt holds its password.
Put the .pfx certificate file into the project's resources folder, as shown in the screenshot:
3. application.yml configuration
server:
  port: 8080
  ssl:
    key-store: classpath:7920347_hcwy.uniplore.cn.pfx # replace with your own certificate file
    key-store-password: ******** # replace with your own password
    key-store-type: PKCS12 # keystore type
Pitfall 1: most guides online stop after this step. When I ran the application, however, it kept failing with the following error:
Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2022-06-11 13:22:08.812 [main] ERROR org.springframework.boot.SpringApplication:837 - Application run failed
org.springframework.context.ApplicationContextException: Failed to start bean 'webServerStartStop'; nested exception is org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat server
at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:185)
at org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:53)
at org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:360)
at org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:158)
at org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:122)
at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:895)
at org.springframework.context.support.AbstractApplicationContext.__refresh(AbstractApplicationContext.java:554)
at org.springframework.context.support.AbstractApplicationContext.jrLockAndRefresh(AbstractApplicationContext.java:40002)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:41008)
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:143)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:758)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:750)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:405)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:315)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1237)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226)
at org.jeecg.JeecgSystemApplication.main(JeecgSystemApplication.java:28)
Caused by: org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat server
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:229)
at org.springframework.boot.web.servlet.context.WebServerStartStopLifecycle.start(WebServerStartStopLifecycle.java:43)
at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:182)
... 16 common frames omitted
Caused by: java.lang.IllegalArgumentException: standardService.connector.startFailed
at org.apache.catalina.core.StandardService.addConnector(StandardService.java:231)
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:282)
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:213)
... 18 common frames omitted
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1067)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardService.addConnector(StandardService.java:227)
... 20 common frames omitted
Caused by: java.lang.IllegalArgumentException: DerInputStream.getLength(): lengthTag=111, too big.
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:216)
at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141)
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1227)
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:592)
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1064)
... 22 common frames omitted
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=111, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:606)
at sun.security.util.DerValue.init(DerValue.java:391)
at sun.security.util.DerValue.<init>(DerValue.java:332)
at sun.security.util.DerValue.<init>(DerValue.java:345)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1941)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:67)
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:216)
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:207)
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:282)
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:246)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
... 28 common frames omitted
So I went back to searching online and ended up adding step 4.
4. Modify pom.xml
Add the following under the build/resources node of the project's pom.xml:
<resource>
    <directory>src/main/resources</directory>
    <filtering>true</filtering>
    <excludes>
        <!-- replace with your own certificate file -->
        <exclude>7920347_hcwy.uniplore.cn.pfx</exclude>
    </excludes>
</resource>
<resource>
    <directory>src/main/resources</directory>
    <filtering>false</filtering>
    <includes>
        <!-- replace with your own certificate file -->
        <include>7920347_hcwy.uniplore.cn.pfx</include>
    </includes>
</resource>
Roughly speaking, this excludes the certificate file from resource filtering.
Pitfall 2: I ran the application again and got exactly the same error! After more digging I found the cause: the certificate was not being loaded correctly because it had been altered by maven-resources-plugin, so step 5 is also needed.
5. Modify pom.xml
Add the following under the build/plugins node of the project's pom.xml:
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-resources-plugin</artifactId>
    <configuration>
        <nonFilteredFileExtensions>
            <!-- do not filter certificate files with the .pfx extension -->
            <nonFilteredFileExtension>pfx</nonFilteredFileExtension>
        </nonFilteredFileExtensions>
    </configuration>
</plugin>
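As an added check that is not part of the original post, the script below verifies that a .pfx still has a sane DER header and an unchanged hash after packaging, and reproduces the damage behind the error above: the PKCS12 file starts with 30 82 (SEQUENCE, two-byte length), 0x82 is not valid UTF-8, text filtering rewrites it as EF BF BD, and Java then masks 0xEF to 111, giving "lengthTag=111, too big". The file paths in the usage comment are placeholders and the sample keystore bytes are constructed, not a real certificate.

```python
import hashlib
import sys


def der_outer_length(data: bytes):
    """Return (header_len, content_len) of the outermost DER element, raising
    ValueError (message modelled on the JDK's DerInputStream) if malformed."""
    if len(data) < 2 or data[0] != 0x30:          # a PKCS12 PFX is a SEQUENCE
        raise ValueError("not a DER SEQUENCE")
    len_byte = data[1]
    if len_byte & 0x80 == 0:                        # short form: the byte is the length
        return 2, len_byte
    num_octets = len_byte & 0x7F                    # long form: number of length bytes
    if num_octets == 0 or num_octets > 4:           # the JDK rejects more than 4
        raise ValueError(f"DerInputStream.getLength(): lengthTag={num_octets}, too big.")
    if len(data) < 2 + num_octets:
        raise ValueError("truncated length field")
    return 2 + num_octets, int.from_bytes(data[2:2 + num_octets], "big")


def looks_like_intact_pkcs12(data: bytes) -> bool:
    """True when the outer SEQUENCE length accounts for every byte of the file."""
    try:
        header_len, content_len = der_outer_length(data)
    except ValueError:
        return False
    return header_len + content_len == len(data)


def simulate_text_filtering(data: bytes) -> bytes:
    """What resource filtering does to a binary: read it as UTF-8 text
    (undecodable bytes become U+FFFD) and write the text back as UTF-8."""
    return data.decode("utf-8", errors="replace").encode("utf-8")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for a keystore: SEQUENCE, 2-byte long-form length 0x0100,
# then 256 payload bytes covering every value, including the non-UTF-8 ones.
SAMPLE_PFX = b"\x30\x82\x01\x00" + bytes(range(256))

if __name__ == "__main__":
    # Usage: check_pfx.py src/main/resources/x.pfx target/classes/x.pfx
    # (placeholder paths): compare hashes and validate the packaged copy.
    src, packaged = (open(p, "rb").read() for p in sys.argv[1:3])
    print("hashes match:", sha256_hex(src) == sha256_hex(packaged))
    print("packaged copy intact:", looks_like_intact_pkcs12(packaged))
```

Run it against the source file and the copy under target/classes after `mvn package`; if the hashes differ or the packaged copy fails the header check, filtering is still touching the keystore.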
And with that, it's done!