1、獲取證書
阿里雲:進入阿里雲證書購買界面,選擇單個域名,證書類型選擇-DV域名SSL,將證書托管業務關閉,就會出現以下界面,然后點擊購買綁定域名下載即可:
華為雲:進入華為雲證書購買界面,證書類型選擇DV(Basic),證書品牌選擇DigCert,就會出現以下界面,然后點擊購買綁定域名下載即可:
2、配置ssl證書
將*.pfx 或*.jks文件放到項目的resources目錄下,並再yml文件中配置:
server:
port: 443
ssl:
key-store: classpath:證書文件名.后綴名
key-store-password: 密碼
key-store-type: PKCS12(pfx證書)|JKS(jks證書)
然后在*Application啟動類中加入如下代碼:
@Bean
public EmbeddedServletContainerFactory servletContainer() {
TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
return tomcat;
}
private Connector initiateHttpConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(80);
connector.setRedirectPort(443);
connector.setSecure(false);
return connector;
}
3、最后一步,在pom.xml 加入(此處必須添加否則啟動報錯)
<plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId> <configuration><encoding>UTF-8</encoding> <!-- 過濾后綴為pkcs12、jks、pdx的證書文件 --> <nonFilteredFileExtensions> <nonFilteredFileExtension>pkcs12</nonFilteredFileExtension> <nonFilteredFileExtension>jks</nonFilteredFileExtension> <nonFilteredFileExtension>pfx</nonFilteredFileExtension> </nonFilteredFileExtensions> </configuration> </plugin>
至此,項目可正常啟動,ssl證書配置成功
