1.生成证书,可以使自签名或者从SSL证书授权中心获得的。
JDK中keytool是一个证书管理工具,可以生成自签名证书。
生成命令如下(找不到keytoo命令的先去配置java环境)
我指定的名字叫tomcat.keystore 别名叫tomcat,密码自己设置,我这里用的tomcat,最后那个直接按得回车
keytool -genkey -alias tomcat -keyalg RSA -keystore D:/tomcat.keystore
2.SpringBoot配置SSL
将这个tomcat.keystore拷贝到项目根目录下(项目根目录,比如我的idea项目叫meatball-parent,然后这里我这个module叫meatball-admin,所以我们的证书应该放在meatball-parent下)
3.让后配置application.yml
server:
port: 443 #配置端口号
#port: 12580
ssl:
# 证书名称
key-store: yikatong.keystore
#密钥库密码
key-store-password: P@ssw0rd
key-store-type: JKS
key-alias: yikatong
此刻启动项目,输入 https://localhost/即可
平时输入http://www.baidu.com会自动跳转到https 实现如下:
package com.meatball.component;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* Https转换
*/
@Configuration
public class HttpsComponent {
@Bean
public EmbeddedServletContainerFactory servletContainer() {
TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory(){
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
//confidential
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(httpConnector());
return tomcat;
}
@Bean
public Connector httpConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
//Connector监听的http的端口号
connector.setPort(80);
connector.setSecure(false);
//监听到http的端口号后转向到的https的端口号
connector.setRedirectPort(443);
return connector;
}
}
此时运行http://localhost,会自动跳转到https://localhost