Spring Boot - HTTPS on localhost

Time: 2018-10-07 20:16:30

Tags: java spring-boot

I have created an application in Spring Boot and enabled SSL in application.properties using the config below

server.port=8085
server.ssl.key-store=classpath:keystore.jks
server.ssl.client-auth=need
server.ssl.key-alias=selfsigned
server.ssl.key-store-password=password
server.ssl.key-password=password

I have also created a self-signed certificate, keystore.jks, for access via localhost

Below is the result of keytool -list -keystore keystore.jks -v

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: selfsigned
Creation date: 5-okt-2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, OU=UniteInboxAPI, OU=DEV, OU=PKI, OU=Services, O=ING, L=Holualoa, ST=HI, C=US
Issuer: CN=localhost, OU=UniteInboxAPI, OU=DEV, OU=PKI, OU=Services, O=ING, L=Holualoa, ST=HI, C=US
Serial number: 68547095
Valid from: Fri Oct 05 17:24:46 CEST 2018 until: Sat Oct 05 17:24:46 CEST 2019
Certificate fingerprints:
         MD5:  E5:48:B0:2F:DA:5C:BE:8E:30:A9:A6:CF:B3:07:55:DC
         SHA1: EC:C2:B2:F5:70:CA:57:47:8F:54:A7:5E:54:C2:A1:29:51:2F:51:62
         SHA256: 7F:EA:88:65:24:A7:39:20:93:14:54:0D:53:B7:50:85:D9:8B:55:5F:72:43:EB:94:99:FC:93:CE:25:4A:BA:27
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

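When I try to access it via Chrome / Mozilla, the host cannot be reached and my endpoints are not served.

Please help if I need to do any other configuration / have to import any certificate in the browser.

Regards, Suvojit

1 answer:

Answer 0 (score: 0)

Try configuring your RestTemplate like this:

  1. Add the dependency: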

     implementation 'org.apache.httpcomponents:httpclient:4.5'    
    
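  2. Provide the RestTemplate bean:

     import java.io.File;
     import java.security.KeyStore;
     import javax.net.ssl.SSLContext;
     import org.apache.http.client.HttpClient;
     import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
     import org.apache.http.impl.client.HttpClients;
     import org.apache.http.ssl.SSLContextBuilder;
     import org.springframework.context.annotation.Bean;
     import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
     import org.springframework.web.client.RestTemplate;

     // Place both methods in a @Configuration class. sslProperties is the
     // answer's own properties holder; its definition is not shown here.
     @Bean
     public RestTemplate restTemplate() { // @Bean methods must not be private
         SSLContext sslContext = buildSslContext();
         SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);

         HttpClient httpClient = HttpClients.custom()
                 .setSSLSocketFactory(socketFactory)
                 .build();

         HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);

         return new RestTemplate(factory);
     }

     // Builds an SSLContext whose key material is the client key pair from the key store.
     private SSLContext buildSslContext() {
         try {
             char[] keyStorePassword = sslProperties.getKeyStorePassword();
             return new SSLContextBuilder()
                     .loadKeyMaterial(
                             // KeyStore.getInstance(File, char[]) requires Java 9 or later
                             KeyStore.getInstance(new File(sslProperties.getKeyStore()), keyStorePassword),
                             keyStorePassword
                     ).build();
         } catch (Exception ex) {
             throw new IllegalStateException("Unable to instantiate SSL context", ex);
         } finally {
             // Drop the passwords from the properties object once the context is built or has failed
             sslProperties.setKeyStorePassword(null);
             sslProperties.setTrustStorePassword(null);
         }
     }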
  3. Provide the required SSL properties in the application.properties or application.yaml file:
server:
    ssl:
        enabled: true
        key-store: /path/to/key.keystore
        key-store-password: password
        key-alias: alias
        trust-store: /path/to/truststore
        trust-store-password: password

That's it. Now you can see your Tomcat starting on 8080 (or another port) (https).

Alternatively, you can use my spring boot starter
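
With `server.ssl.client-auth=need`, as in the question's configuration, the server finishes the TLS handshake only for clients that present a certificate its trust store accepts. The script below is an added example, not part of the original question or answer: it uses keytool to create a client key pair a browser can import and a server trust store holding only that client's public certificate. The alias `browser-client`, the DN, the file names and the password are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example. Alias, DN, file names and password are constructed for the
# demo; the keytool sub-commands and options are the standard JDK ones.
set -eu

PASS=changeit                      # assumed demo password (min. 6 chars)
WORKDIR=${WORKDIR:-$(mktemp -d)}   # keeps demo files out of the project

# 1. Client identity: a key pair of its own, in PKCS12 so a browser can import it.
make_client_identity() {
  keytool -genkeypair -alias browser-client -keyalg RSA -keysize 2048 \
    -validity 365 -dname "CN=dev-client" \
    -keystore "$WORKDIR/client.p12" -storetype PKCS12 \
    -storepass "$PASS" -keypass "$PASS"
}

# 2. Export the public certificate only; the private key stays in client.p12.
export_client_cert() {
  keytool -exportcert -rfc -alias browser-client \
    -keystore "$WORKDIR/client.p12" -storetype PKCS12 -storepass "$PASS" \
    -file "$WORKDIR/client.crt"
}

# 3. Server trust store: the client certificates the server will accept.
make_server_truststore() {
  keytool -importcert -noprompt -alias browser-client \
    -file "$WORKDIR/client.crt" \
    -keystore "$WORKDIR/truststore.jks" -storetype JKS -storepass "$PASS"
}

# Prints PrivateKeyEntry or trustedCertEntry for an alias in a store.
entry_type() {  # $1 = store file, $2 = store type, $3 = alias
  keytool -list -keystore "$1" -storetype "$2" -storepass "$PASS" -alias "$3" |
    grep -Eo 'PrivateKeyEntry|trustedCertEntry'
}

build_all() { make_client_identity && export_client_cert && make_server_truststore; }

if command -v keytool >/dev/null 2>&1; then
  build_all
  echo "browser import:         $WORKDIR/client.p12"
  echo "server.ssl.trust-store: $WORKDIR/truststore.jks"
else
  echo "keytool not found (it ships with the JDK)" >&2
fi
```

Point `server.ssl.trust-store` and `server.ssl.trust-store-password` at the generated trust store, and import `client.p12` into the browser's certificate store.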