How to use a .pem SSL certificate for REST API developed as Spring Boot application

We have a Spring Boot application for REST web services which is still under development. And we are using a self-signed certificate for now.

Now, it will be deployed into a system along with 1 more already developed application. This pre-existing application uses a self-signed certificate by default but gives the client an option to upload CA certificates if they want. Now, we want to use the same certificate for this new application.

Basically, we want the client to use 1 certificate for 2 applications running in 1 system.

Now, this existing application has certificate files like .pem and .cer.
How can I use this certificate in my Spring Boot application, which uses a certificate in the format of JKS?

And of course, in case of any update, the certificate should be available to both of the applications.

PEM is a well-known file format when it comes to certificates. Except when it comes to Java, as Java only uses JKS (its Java-only, binary keystore) or PKCS12 for keys and certificates. So we have to convert PEM-encoded certificates to JKS or PKCS12 so that Java can consume them. But that may be ugly in a lot of situations.

You can use the dependency below in your spring-boot application.

<dependency>
  <groupId>de.dentrassi.crypto</groupId>
  <artifactId>pem-keystore</artifactId>
  <version>2.0.0</version>
</dependency>

then add

KeyStore keyStore = KeyStore.getInstance("PEM");

For more info:

https://github.com/ctron/pem-keystore

application.properties

 server.ssl.enabled=true
 server.ssl.key-store=/path/to/keystore.properties
 server.ssl.key-store-type=PEMCFG
 server.ssl.key-store-password=dummy
 server.ssl.key-alias=keycert

And then you create the file keystore.properties:

alias=keycert
source.cert=/etc/…/fullchain.pem
source.key=/etc/…/privkey.pem

As of Spring Boot 2.7 it's possible to use PEM-encoded certificate and private key files.
See the example below.

server:
  port: 8443
  ssl:
    certificate: "classpath:my-cert.crt"
    certificate-private-key: "classpath:my-cert.key"
    trust-certificate: "classpath:ca-cert.crt"
    key-store-password: "secret"

For testing a secured API you can use Fiddler, a tool for bypassing or faking the SSL.

(OR)

You can configure the application properties like below.

server.port: 8443
security.require-ssl=true
server.ssl.key-store:/etc/letsencrypt/live/seeld.eu/keystore.p12
server.ssl.key-store-password: <your-password>
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: tomcat
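
The PKCS12 configuration above presupposes a keystore.p12 built from the PEM certificate and key. The following is an added example, not part of the original answers, that builds one with openssl after checking that the private key actually belongs to the certificate. The names pem_to_p12, p12_leaf_fingerprint and KEYSTORE_PASS are assumptions made for this sketch, and the private key is assumed to be unencrypted; the default alias tomcat matches server.ssl.keyAlias above.

```shell
#!/bin/sh
# Added example (not from the original answers): package PEM files as the
# PKCS12 keystore that server.ssl.keyStoreType=PKCS12 expects.
# pem_to_p12, p12_leaf_fingerprint and KEYSTORE_PASS are hypothetical names.
# Assumes an unencrypted private key, as in a typical privkey.pem.

# usage: KEYSTORE_PASS=... pem_to_p12 fullchain.pem privkey.pem keystore.p12 [alias]
pem_to_p12() {
    cert=$1; key=$2; out=$3; name=${4:-tomcat}

    [ -r "$cert" ] && [ -r "$key" ] || { echo "cannot read cert or key" >&2; return 2; }
    [ -n "${KEYSTORE_PASS:-}" ] || { echo "KEYSTORE_PASS is not set" >&2; return 2; }

    # Refuse to package a key that does not belong to the leaf certificate
    # (the first certificate in the file): compare the two public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout) || return 3
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 4
    fi

    # Write with owner-only permissions, and hand the password to openssl via
    # the environment so it never appears on a command line.
    (
        umask 077
        export KEYSTORE_PASS
        openssl pkcs12 -export -in "$cert" -inkey "$key" -name "$name" \
            -out "$out.tmp" -passout env:KEYSTORE_PASS
    ) || { rm -f "$out.tmp"; return 5; }

    # Rename into place so a reader never sees a half-written keystore.
    mv -f "$out.tmp" "$out"
}

# Print the SHA-256 fingerprint of the leaf certificate stored in a keystore,
# for comparison with: openssl x509 -in fullchain.pem -noout -fingerprint -sha256
p12_leaf_fingerprint() {
    ( export KEYSTORE_PASS
      openssl pkcs12 -in "$1" -passin env:KEYSTORE_PASS -nokeys -clcerts 2>/dev/null |
          openssl x509 -noout -fingerprint -sha256 )
}
```

Re-running pem_to_p12 after the shared PEM files are replaced regenerates the keystore from them, so both applications keep using the same certificate.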
