
Spring Boot - enable and configure SSL certificate

I have these certificates / files in order to enable SSL for my application:

[image: certificates]

I found out that these properties are needed for Spring Boot to enable HTTPS:

server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.p12
server.ssl.key-store-password=****
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat

but this does not work. My question now would be: what do I have to do in order to get it to work? https://abc.lehr.co.at should be the URL.

[EDIT]

I have created my own keystore - with this I get the following exception:

java.io.IOException: Alias name tomcat does not identify a key entry
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:596)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:534)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:363)
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:739)
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:472)
at org.apache.coyote.http11.Http11NioProtocol.start(Http11NioProtocol.java:81)
at org.apache.catalina.connector.Connector.startInternal(Connector.java:986)

My keystore looks like this:

[image: keystore]

Actually I don't know what to import into the keystore for embedded Tomcat (Spring Boot).

To enable SSL, you must provide a private key, and not a trusted certificate.

In your keystore, 'tomcat' should be listed as an alias for a privatekeyentry and not a trustedcertentry.

You have to pack your private keys into a PFX file or P12 with specified aliases. So, it will be picked up accordingly from the keyStore after loading materials.

Use this tool to figure out what the aliases are:

keytool -list -storetype pkcs12 -keystore my_debug_keystore.p12 -storepass debug
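A small preflight check, added here and not taken from any of the answers, that loads the keystore the same way the embedded Tomcat does (same type, path and store password as the server.ssl.* properties) and reports for each alias whether it is a PrivateKeyEntry (what Tomcat needs for server.ssl.keyAlias) or a trustedCertEntry (what produces the "does not identify a key entry" exception above). The path, type, password and alias defaults are placeholders mirroring the question's properties.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Usage: java KeystoreCheck <key-store> <keyStoreType> <key-store-password> <keyAlias>
public class KeystoreCheck {

    public static void main(String[] args) throws Exception {
        // Defaults mirror the question's properties; the password is a placeholder
        String path = args.length > 0 ? args[0] : "src/main/resources/keystore.p12";
        String type = args.length > 1 ? args[1] : "PKCS12";
        char[] storePass = (args.length > 2 ? args[2] : "changeit").toCharArray();
        String wantedAlias = args.length > 3 ? args[3] : "tomcat";

        // Same load path as Tomcat: KeyStore.getInstance(type) + load(stream, password)
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);
        }

        boolean usable = false;
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "PrivateKeyEntry"          // has a private key: OK for keyAlias
                        : ks.isCertificateEntry(alias) ? "trustedCertEntry" // certificate only: Tomcat rejects it
                        : "other";
            System.out.printf("%-24s %s%n", alias, kind);
            // JKS/PKCS12 aliases are case-insensitive, so compare the same way
            if (alias.equalsIgnoreCase(wantedAlias) && ks.isKeyEntry(alias)) {
                try {
                    // Spring Boot unlocks the key with server.ssl.key-password and
                    // falls back to the store password when that property is unset
                    Key key = ks.getKey(alias, storePass);
                    usable = key != null;
                } catch (UnrecoverableKeyException e) {
                    System.out.println("-> key password differs from store password; set server.ssl.key-password");
                }
            }
        }
        if (!usable) {
            System.out.println("Alias '" + wantedAlias + "' is not a usable private-key entry: import the private key"
                + " together with its certificate chain as a PrivateKeyEntry under that alias.");
            System.exit(1);
        }
        System.out.println("Alias '" + wantedAlias + "' is a private-key entry; server.ssl.keyAlias=" + wantedAlias + " will work.");
    }
}
```

Run it against the keystore before starting the application; a non-zero exit status reproduces the condition Tomcat will fail on, without having to start the server.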

I'd suggest you create your KeyStore in JKS format:

 keytool -genkey -keyalg RSA -alias my_alias -keystore keystore.jks -storepass password -validity 360 -keysize 2048

then add the configuration:

server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.jks
server.ssl.key-store-password=****
server.ssl.keyStoreType=JKS
server.ssl.keyAlias=my_alias

server.port=8089
server.ssl.enabled=true
server.ssl.key-store=src/main/resources/keystore.p12
server.ssl.key-store-password=****
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat << This should be the alias of yourfile.p12; if you have forgotten it, just create a new one and replace it >>

And don't forget to add

security.require-ssl=true <<Tell Spring Security (if used) to require requests over HTTPS>>

First you may convert your .pem file to DER and then generate a keystore. See https://stackoverflow.com/a/13992135/16358980 for how to do this.

In your application.properties, change the key-store property to your generated keystore file:

server.ssl.key-store=<your-generated-keystore>
