## 🎉 Spring Boot technical articles and open-source projects: a collected series
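1. Why deploy an SSL certificate:
The Internet today enforces SSL across the board; WeChat development, app development, Google and others all make it mandatory. To keep data secure, switch HTTP requests to HTTPS (URLs beginning with https:// instead of http://) so that data transmitted between the client and the site is encrypted. It can be deployed on any operating system.
2. What is an SSL certificate?
SSL (Secure Sockets Layer) is a global standard security protocol that authenticates users and servers and encrypts and conceals the transmitted data, ensuring the security of the information both parties exchange in Internet transactions.
For the details, readers can look it up on Baidu.
3. Obtaining an SSL certificate
Log in to the Alibaba Cloud website, search for ssl in the search bar and click purchase; free certificates are available there. Select your server type and download the certificate.
4. Configuring the SSL certificate in a Spring Boot project
There are two ways to configure the SSL certificate: use the certificate in its original format, or convert it to JKS format. The configuration is the same either way; only the certificate format differs.
Code for converting to a JKS file follows; other conversion methods work too, and tutorials are available online.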
```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;

public class SSL {
    public static final String PKCS12 = "PKCS12";
    public static final String JKS = "JKS";
    // Path of the pfx file
    public static final String PFX_KEYSTORE_FILE = "4268356_www.lanfei21.net.pfx";
    // Password that was set when the pfx file was exported
    public static final String KEYSTORE_PASSWORD = "GMyQrDJ6";
    // Where the newly generated jks file is saved
    public static final String JKS_KEYSTORE_FILE = "E:\\disinfestation.jks";

    public static void main(String[] args) {
        coverTokeyStore();
    }

    // Convert the pfx (PKCS12) keystore into a JKS keystore
    public static void coverTokeyStore() {
        convert(PKCS12, PFX_KEYSTORE_FILE, JKS, JKS_KEYSTORE_FILE);
    }

    // Convert the JKS keystore back into a pfx (PKCS12) keystore
    public static void coverToPfx() {
        convert(JKS, JKS_KEYSTORE_FILE, PKCS12, PFX_KEYSTORE_FILE);
    }

    // Shared conversion logic: copy every private-key entry and its certificate chain
    private static void convert(String inType, String inFile, String outType, String outFile) {
        char[] mPwd = (KEYSTORE_PASSWORD == null || KEYSTORE_PASSWORD.trim().isEmpty())
                ? null : KEYSTORE_PASSWORD.toCharArray();
        try {
            KeyStore inputKeyStore = KeyStore.getInstance(inType);
            try (FileInputStream fis = new FileInputStream(inFile)) {
                inputKeyStore.load(fis, mPwd);
            }
            KeyStore outKeyStore = KeyStore.getInstance(outType);
            outKeyStore.load(null, mPwd);
            Enumeration<String> enums = inputKeyStore.aliases();
            while (enums.hasMoreElements()) {
                String keyAlias = enums.nextElement();
                // This alias is the value to use for server.ssl.key-alias
                System.out.println("alias=[" + keyAlias + "]");
                if (inputKeyStore.isKeyEntry(keyAlias)) {
                    Key key = inputKeyStore.getKey(keyAlias, mPwd);
                    Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
                    outKeyStore.setKeyEntry(keyAlias, key, mPwd, certChain);
                }
            }
            // Write the output file once, after all entries have been copied
            try (FileOutputStream fos = new FileOutputStream(outFile)) {
                outKeyStore.store(fos, mPwd);
            }
        } catch (GeneralSecurityException | IOException e) {
            e.printStackTrace();
        }
    }
}
```
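Add the following to the configuration file:

```properties
# HTTPS port 443
server.port=443
# SSL certificate path; be sure to add classpath: 3824167.jks
server.ssl.key-store=classpath:qingfeng.jks
# SSL certificate password 6cj3QrTo
server.ssl.key-store-password=7K8UBVe5
# Certificate type
server.ssl.key-store-type=JKS
# Certificate alias
server.ssl.key-alias=alias
```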
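A mismatch between `server.ssl.key-alias` and the alias the conversion code printed, a wrong store password, or an expired certificate all stop the server from starting with TLS. The following check is an added example, not code from the original article; the class name `KeyStoreCheck` and the environment variable `KS_PASSWORD` are assumptions chosen for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

public class KeyStoreCheck {
    // Usage: KS_PASSWORD=... java KeyStoreCheck <file> <JKS|PKCS12> <alias>
    // KS_PASSWORD is a hypothetical variable name; it keeps the password off the command line.
    public static void main(String[] args) throws Exception {
        String pwd = System.getenv("KS_PASSWORD");
        if (args.length != 3 || pwd == null) {
            System.err.println("usage: KS_PASSWORD=... KeyStoreCheck <file> <JKS|PKCS12> <alias>");
            System.exit(2);
        }
        String problem = check(args[0], args[1], pwd.toCharArray(), args[2]);
        System.out.println(problem == null ? "OK" : "PROBLEM: " + problem);
        System.exit(problem == null ? 0 : 1);
    }

    // Returns null when the keystore can serve TLS under the given alias, otherwise the reason.
    static String check(String file, String type, char[] pwd, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, pwd); // throws IOException on a wrong password or wrong store type
        }
        if (!ks.isKeyEntry(alias)) {
            return "no private-key entry named '" + alias + "'; aliases present: "
                    + Collections.list(ks.aliases());
        }
        // The conversion code protects the key with the same password as the store
        if (ks.getKey(alias, pwd) == null) {
            return "private key could not be read";
        }
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            return "no certificate chain stored with the key";
        }
        X509Certificate leaf = (X509Certificate) chain[0];
        System.out.println("subject=" + leaf.getSubjectX500Principal().getName()
                + " notAfter=" + leaf.getNotAfter() + " chainLength=" + chain.length);
        if (leaf.getNotAfter().before(new Date())) {
            return "leaf certificate expired on " + leaf.getNotAfter();
        }
        return null;
    }
}
```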
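In the Spring Boot startup class, add the code that redirects HTTP to HTTPS:

```java
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;

// The two @Bean methods below go inside the Spring Boot startup class.

/**
 * HTTP to HTTPS
 */
@Bean
public Connector connector() {
    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    connector.setScheme("http");
    // HTTP port to listen on
    connector.setPort(80);
    connector.setSecure(false);
    // HTTPS port that requests arriving on the HTTP port are redirected to
    connector.setRedirectPort(443);
    return connector;
}

/**
 * Intercept all requests
 */
@Bean
public TomcatServletWebServerFactory tomcatServletWebServerFactory(Connector connector) {
    TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            SecurityConstraint securityConstraint = new SecurityConstraint();
            // CONFIDENTIAL makes Tomcat redirect plain-HTTP requests to the redirect port
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            // No addMethod() call: with no methods listed, the constraint covers every HTTP method
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    };
    tomcat.addAdditionalTomcatConnectors(connector);
    return tomcat;
}
```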
Now a request to http://localhost:80 is automatically redirected to https://localhost:443.
Original article: https://t.1yb.co/6BqX