I have a small Spring Boot application. I need to use HTTPS, and I bought an SSL certificate from a CA for the embedded Tomcat. I tried to configure it. application.properties:
#https server properties
server.port=8443
server.ssl.key-alias=tomcat
server.ssl.key-store-type=PKCS12
server.ssl.key-store-provider=SUN
server.ssl.key-store=classpath:https/keystore1.p12
server.ssl.key-store-password=password
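The p12 was created with keytool:
keytool.exe -import -alias tomcat -file C:\**\*.crt -keystore C:\**\resources\https\keystore1.p12 -storetype pkcs12 -storepass password
The *.crt I got from the CA. I also have the private key, but I don't know where I need to use it.
When I try to start this app, I get this error: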
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:255) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:300) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:162) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:552) [spring-context-5.0.4.RELEASE.jar:5.0.4.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:752) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:388) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:327) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1246) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1234) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at xmpptelegram.XmppTelegramApplication.main(XmppTelegramApplication.java:12) [classes/:na]
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1021) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
... 13 common frames omitted
Caused by: java.lang.IllegalArgumentException: Alias name [tomcat] does not identify a key entry
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1150) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:591) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1018) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
... 14 common frames omitted
Caused by: java.io.IOException: Alias name [tomcat] does not identify a key entry
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:229) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
... 19 common frames omitted
2018-04-02 11:20:16.662 INFO 15988 --- [ main] o.apache.catalina.core.StandardService : Stopping service [Tomcat]
2018-04-02 11:20:16.674 INFO 15988 --- [ main] ConditionEvaluationReportLoggingListener :
Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2018-04-02 11:20:16.678 ERROR 15988 --- [ main] o.s.b.d.LoggingFailureAnalysisReporter :
***************************
APPLICATION FAILED TO START
***************************
Description:
The Tomcat connector configured to listen on port 8443 failed to start. The port may already be in use or the connector may be misconfigured.
Action:
Verify the connector's configuration, identify and stop any process that's listening on port 8443, or configure this application to listen on another port.
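Why doesn't the app see the alias? I can see it in the keystore.
Maybe I need some other settings for using HTTPS in Spring Boot Tomcat? All the instructions are about using self-signed certificates...
Answer 0 (score: 0)
You should import the entire CA reply into the keystore, not just the signed certificate. This may be a p7b or p7r file. What you did only adds the certificate as a trusted certificate. It does not associate the certificate chain with your private key.
You need to edit the -file parameter (provide the correct file here).
Answer 1 (score: 0)
It took a lot of effort to get this working.
This applies to everyone who has obtained a certificate from a certificate authority.
This happens because the .p12 was generated incorrectly.
You need openssl.
On Windows, you can go to Git Bash and type: winpty openssl
Run the following command: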
pkcs12 -export -in yourcert.cer -inkey yourkey.key -out keystore1.p12
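It will ask for a password: this is the value in the .secret file.
It will ask for an export password: provide whatever you want, e.g. exportpassword
In your Spring Boot app, put the generated keystore1.p12 in the resources folder.
In the application.yml file, configure it as follows: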
server:
  port: 7878
  ssl:
    enabled: true
    key-store: classpath:keystore1.p12
    key-store-type: PKCS12
    key-store-password: exportpassword
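
The procedure from the second answer as an added shell example (not code from the original answers): it checks that the certificate belongs to the private key, builds the PKCS12 file with the alias set through `-name`, and confirms the result contains a private key rather than only a certificate. The file names, alias and password are constructed sample values, and a throwaway self-signed certificate stands in for the CA-issued one.

```shell
#!/bin/sh
# Added example (not from the original answers). File names, alias and
# password are constructed sample values; the CA files are simulated.

# Constructed stand-ins for the CA-issued certificate and its private key.
make_sample() (
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$1/yourkey.key" -out "$1/yourcert.cer" 2>/dev/null
)

# Succeeds only if the certificate's public key belongs to the private key.
cert_matches_key() (  # usage: cert_matches_key cert key
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# Bundle key and certificate into one PKCS12 entry. -name sets the friendly
# name, which Java exposes as the keystore alias (server.ssl.key-alias).
# The password is read from $KEYSTORE_PASS so it stays off the command line.
build_keystore() (  # usage: build_keystore cert key out.p12 alias
  cert_matches_key "$1" "$2" || { echo "cert/key mismatch" >&2; exit 1; }
  openssl pkcs12 -export -in "$1" -inkey "$2" -name "$4" \
    -out "$3" -passout env:KEYSTORE_PASS
)

# Succeeds only if the file carries the alias and contains a private key;
# a keystore holding just the certificate fails this check.
has_key_entry() (  # usage: has_key_entry file.p12 alias
  dump=$(openssl pkcs12 -in "$1" -passin env:KEYSTORE_PASS -nodes 2>/dev/null) || exit 2
  printf '%s\n' "$dump" | grep -q "friendlyName: $2\$" &&
    printf '%s\n' "$dump" | grep -q 'PRIVATE KEY-----'
)

export KEYSTORE_PASS=exportpassword   # constructed sample value
work=$(mktemp -d)
make_sample "$work" &&
  build_keystore "$work/yourcert.cer" "$work/yourkey.key" "$work/keystore1.p12" tomcat &&
  has_key_entry "$work/keystore1.p12" tomcat &&
  echo "alias 'tomcat' is a key entry"
```

When `server.ssl.key-alias` is set, as in the question's configuration, its value has to equal the one passed to `-name`.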