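1. Apply for an SSL certificate
Download and extract the certificate package. It contains four files: *.key (private key file), *.pem, *.pfx (PFX-format certificate) and *.txt (password file).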
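2. Use the JDK certificate management tool keytool.exe to package a jks file
(1) Open CMD and change to the JDK's bin directory, for example cd D:\Program Files\Java\jdk1.8.0_131\bin:
(2) Run the following packaging command
Replace C:\Users\Administrator\Desktop\ssl\20200427.pfx with the path to your own SSL pfx certificate file;
20200427.jks is the name you choose for the jks file.

    keytool -importkeystore -srckeystore C:\Users\Administrator\Desktop\ssl\20200427.pfx -destkeystore 20200427.jks -srcstoretype PKCS12 -deststoretype JKS

(3) Enter the password three times (all three are the same; the password is the one in the *.txt file)
If the output matches the figure above, the jks file was packaged successfully. Note the alias: alias.
(4) Find the jks file in the JDK's bin directory
Copy 20200427.jks into the same directory as the project's application.properties or application.yml.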
3. Modify the SpringBoot configuration file application.properties or application.yml
This example uses application.yml:

    server:
      # HTTPS port 443
      port: 443
      ssl:
        # SSL certificate path; the classpath: prefix is required
        key-store: classpath:20200427.jks
        # SSL certificate password
        key-store-password: WQXLFRGHT
        # Certificate type
        key-store-type: JKS
        # Certificate alias
        key-alias: alias
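Before starting the service, it helps to confirm that the jks file really contains a private key under the alias given in key-alias. The following is an added example, not code from the original tutorial: the class name KeystoreCheck is hypothetical, and it assumes the key password equals the keystore password (as when the same password was entered at every keytool prompt).

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

// Added example (hypothetical class name). Usage: java KeystoreCheck <jks-file> <key-alias>
public class KeystoreCheck {

    // Returns null when the alias can back server.ssl, otherwise a description of the problem.
    static String check(KeyStore ks, String alias, char[] password, Date now) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "alias not found; aliases present: " + Collections.list(ks.aliases());
        }
        if (!ks.isKeyEntry(alias)) {
            return "alias holds a certificate only, no private key";
        }
        // Assumption: key password == store password, as when all keytool prompts got the same value.
        // getKey throws UnrecoverableKeyException if that is not the case.
        if (!(ks.getKey(alias, password) instanceof PrivateKey)) {
            return "entry is not a private key";
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        if (now.before(cert.getNotBefore()) || now.after(cert.getNotAfter())) {
            return "certificate outside validity period: " + cert.getNotBefore() + " to " + cert.getNotAfter();
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): java KeystoreCheck <jks-file> <key-alias>");
            System.exit(2);
        }
        // Prompt for the password so it does not end up in shell history or the process list.
        char[] password = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password); // IOException here means wrong password or corrupt file
        }
        String problem = check(ks, args[1], password, new Date());
        System.out.println(problem == null ? "OK: alias '" + args[1] + "' is usable" : "FAIL: " + problem);
        System.exit(problem == null ? 0 : 1);
    }
}
```

If the alias is not found, the message lists the aliases the keystore actually contains, which is the value key-alias has to match.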
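4. Create the configuration class HttpsConfig
(1) Support both https and http
SpringBoot 1.5 code:

    import org.apache.catalina.connector.Connector;
    import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
    import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    @Configuration
    public class HttpsConfig {

        @Bean
        public EmbeddedServletContainerFactory servletContainer() {
            TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory();
            // Add a plain HTTP connector next to the HTTPS one configured in application.yml
            tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
            return tomcat;
        }

        private Connector initiateHttpConnector() {
            Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
            // HTTP port
            connector.setPort(8101);
            return connector;
        }
    }

SpringBoot 2.0 code:

    import org.apache.catalina.connector.Connector;
    import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    @Configuration
    public class HttpsConfig {

        @Bean
        public TomcatServletWebServerFactory servletContainer() {
            TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
            // Add a plain HTTP connector next to the HTTPS one configured in application.yml
            tomcat.addAdditionalTomcatConnectors(httpConnector());
            return tomcat;
        }

        @Bean
        public Connector httpConnector() {
            Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
            // HTTP port
            connector.setPort(8101);
            return connector;
        }
    }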
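(2) Automatically redirect http requests to https
SpringBoot 1.5 code:

    import org.apache.catalina.Context;
    import org.apache.catalina.connector.Connector;
    import org.apache.tomcat.util.descriptor.web.SecurityCollection;
    import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
    import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
    import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    @Configuration
    public class HttpsConfig {

        @Bean
        public EmbeddedServletContainerFactory servletContainer() {
            TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
                @Override
                protected void postProcessContext(Context context) {
                    // CONFIDENTIAL on /* makes Tomcat redirect every plain HTTP request to the redirect port
                    SecurityConstraint securityConstraint = new SecurityConstraint();
                    securityConstraint.setUserConstraint("CONFIDENTIAL");
                    SecurityCollection collection = new SecurityCollection();
                    collection.addPattern("/*");
                    securityConstraint.addCollection(collection);
                    context.addConstraint(securityConstraint);
                }
            };
            tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
            return tomcat;
        }

        private Connector initiateHttpConnector() {
            Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
            connector.setScheme("http");
            // HTTP port the Connector listens on
            connector.setPort(8101);
            connector.setSecure(false);
            // HTTPS port that requests arriving on the HTTP port are redirected to
            connector.setRedirectPort(443);
            return connector;
        }
    }

SpringBoot 2.0 code:

    import org.apache.catalina.Context;
    import org.apache.catalina.connector.Connector;
    import org.apache.tomcat.util.descriptor.web.SecurityCollection;
    import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
    import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    @Configuration
    public class HttpsConfig {

        @Bean
        public TomcatServletWebServerFactory servletContainer() {
            TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
                @Override
                protected void postProcessContext(Context context) {
                    // CONFIDENTIAL on /* makes Tomcat redirect every plain HTTP request to the redirect port
                    SecurityConstraint constraint = new SecurityConstraint();
                    constraint.setUserConstraint("CONFIDENTIAL");
                    SecurityCollection collection = new SecurityCollection();
                    collection.addPattern("/*");
                    constraint.addCollection(collection);
                    context.addConstraint(constraint);
                }
            };
            tomcat.addAdditionalTomcatConnectors(httpConnector());
            return tomcat;
        }

        private Connector httpConnector() {
            Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
            connector.setScheme("http");
            // HTTP port the Connector listens on
            connector.setPort(8101);
            connector.setSecure(false);
            // HTTPS port that requests arriving on the HTTP port are redirected to
            connector.setRedirectPort(443);
            return connector;
        }
    }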
5. Start the SpringBoot service
If the following log appears, the configuration started successfully; 443 is the https port and 8101 is the http port:
Visit the address to test: