Let's Encrypt申请免费SSL证书(Windows环境+Tomcat+Java)

工具:

1、下载letsencrypt-win-simple.V1.9.1.zip

http://files.cnblogs.com/files/teamblog/letsencrypt-win-simple.V1.9.1.zip

2、沃通代码签名工具（用于转换为JKS格式）

https://www.wosign.com/marketing/2015_WoSign_sign_tools/index.htm

目录：

• 1、服务器验证代码（spring MVC ）
• 2、申请Let's Encrypt免费SSL证书
• 3、证书转换成JKS格式

 

一、服务器验证代码（spring MVC ）

1、“tomcat服务”与“letsencrypt-win-simple.V1.9.1申请证书工具”必须在同一台电脑上

2、请注意过滤器是否允许通行

import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.*;

@Controller
@RequestMapping("/")
public class SSLController {

    @RequestMapping("/.well-known/acme-challenge/*")
    public ResponseEntity<String> check(HttpServletRequest request, HttpServletResponse response){
        HttpHeaders responseHeaders = new HttpHeaders();
        responseHeaders.set("Content-Type", "application/json;charset=UTF-8");
        String result="";
        try {
            String URI=request.getRequestURI().replace("/","\\");
            //文件路径自行替换一下就行,就是上图中生成验证文件的路径,因为URI中已经包含了/.well-known/acme-challenge/,所以这里不需要
            File file=new File("E:\\letsencrypt-win-simple.V1.9.1\\n1u6307440.51mypc.cn\\"+URI);
            InputStream is = new FileInputStream(file);
            // 设置response参数，可以打开下载页面
            response.reset();
            response.setContentType("application/vnd.ms-excel;charset=utf-8");
            response.setHeader("Content-Disposition", "attachment;filename="+ new String(("验证文件").getBytes(), "iso-8859-1"));
            ServletOutputStream out = response.getOutputStream();
            BufferedInputStream bis = null;
            BufferedOutputStream bos = null;
            try {
                bis = new BufferedInputStream(is);
                bos = new BufferedOutputStream(out);
                byte[] buff = new byte[2048];
                int bytesRead;
                // Simple read/write loop.
                while (-1 != (bytesRead = bis.read(buff, 0, buff.length))) {
                    bos.write(buff, 0, bytesRead);
                }
            } catch (final IOException e) {
                throw e;
            } finally {
                if (bis != null)
                    bis.close();
                if (bos != null)
                    bos.close();
            }
        }catch (Exception e){
            e.printStackTrace();
        }
        return new ResponseEntity<String>(result, responseHeaders, HttpStatus.OK);
    }
}

二、申请Let's Encrypt免费SSL证书

1、解压letsencrypt-win-simple.V1.9.1.zip并打开letsencrypt.exe应用

2、输入邮箱账号

3、按Y同意条款

4、按M,手动生成一个证书。

5、输入你想转为https的域名

5、输入根目录名

6、找到生成的证书

三、证书转换成JKS格式