1、生成带域名的keystore(域名通过 -ext san=dns:localhost 写入证书的 SAN 扩展;口令 123456 仅为演示用的示例值)
PS D:\Java\jdk1.8.0_131\bin> .\keytool.exe -genkeypair -alias dongbao-alias -keypass 123456 -keyalg RSA -validity 365 -keystore D:\cer2\dongbao-alias.keystore -storepass 123456 -ext san=dns:localhost
2、导出证书
PS D:\Java\jdk1.8.0_131\bin> .\keytool.exe -exportcert -alias dongbao-alias -keystore D:\cer2\dongbao-alias.keystore -file D:\cer2\my.cer
输入密钥库口令:
点击 D:\cer2\ 下的 my.cer 文件进行安装,将其添加到“受信任的根证书颁发机构”。该证书为自签名证书,只应在本机开发/测试环境中这样信任,测试结束后可从证书存储中删除。
3、测试代码
需要在resources下添加dongbao-alias.keystore
/**
 * Spring Boot entry point for the HTTPS demo. The same class doubles as the REST
 * controller that exposes the single test endpoint.
 */
@SpringBootApplication
@RestController
public class CaWebApplication {

    /** Fixed response body returned by {@link #hello()}. */
    private static final String GREETING = "hello https";

    /**
     * Starts the application.
     *
     * @param args command-line arguments, forwarded to Spring Boot unchanged
     */
    public static void main(String[] args) {
        SpringApplication.run(CaWebApplication.class, args);
    }

    /**
     * Handles {@code GET /hello}.
     *
     * @return the constant greeting text
     */
    @GetMapping("/hello")
    public String hello() {
        return GREETING;
    }
}
/**
 * Forces plain-HTTP requests over to HTTPS.
 *
 * <p>Adds a second, non-TLS Tomcat connector on {@code http-port} and declares a
 * {@code CONFIDENTIAL} transport guarantee for every URL, with the connector's redirect
 * port set to {@code server.port}.
 *
 * <p>NOTE(review): a redirect only takes effect after the first request has already been
 * sent in cleartext; whether that matters (and whether an HSTS header should be added)
 * depends on the deployment and is not addressed here.
 */
@Configuration
public class HttpToHttps {

    /** HTTPS port, injected from {@code server.port}. */
    @Value("${server.port}")
    private int sslPort;

    /** Plain-HTTP port, injected from {@code http-port}. */
    @Value("${http-port}")
    private int httpPort;

    /**
     * Builds the embedded Tomcat factory with the transport constraint and the extra
     * plain-HTTP connector attached.
     *
     * @return the customised Tomcat servlet web server factory
     */
    @Bean
    public TomcatServletWebServerFactory servletContainerFactory() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                context.addConstraint(confidentialForAllPaths());
            }
        };
        factory.addAdditionalTomcatConnectors(plainHttpConnector());
        return factory;
    }

    /** Creates a constraint that demands a confidential transport for every request path. */
    private static SecurityConstraint confidentialForAllPaths() {
        // The collection names the URLs the constraint applies to; "/*" matches all of them.
        SecurityCollection everyPath = new SecurityCollection();
        everyPath.addPattern("/*");

        SecurityConstraint constraint = new SecurityConstraint();
        constraint.setUserConstraint("CONFIDENTIAL");
        constraint.addCollection(everyPath);
        return constraint;
    }

    /** Creates the non-TLS connector whose redirect port is the HTTPS port. */
    private Connector plainHttpConnector() {
        Connector httpConnector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        httpConnector.setPort(httpPort);
        httpConnector.setScheme("http");
        // Requests on this connector are flagged as not secure. Presumably this is what
        // lets the CONFIDENTIAL constraint send them to the redirect port instead of
        // serving them over HTTP; confirm against the Tomcat version in use.
        httpConnector.setSecure(false);
        // Redirect target for requests that need a secure transport (non-SSL to SSL).
        httpConnector.setRedirectPort(sslPort);
        return httpConnector;
    }
}
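# Plain-HTTP port; requests arriving here are redirected to the HTTPS port below.
http-port: 82

# HTTPS port and TLS settings for the embedded server.
server:
  port: 81
  ssl:
    # Keystore generated with keytool in step 1 and copied into resources.
    key-store: classpath:dongbao-alias.keystore
    key-store-type: JKS
    key-alias: dongbao-alias
    # Demo values: they match the -storepass / -keypass given to keytool above.
    # Outside a local demo, supply these from the environment or a secret store
    # instead of committing them with the keystore.
    key-store-password: 123456
    key-password: 123456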