1、获取证书
阿里云:进入阿里云证书购买界面,选择单个域名,证书类型选择-DV域名SSL,将证书托管业务关闭,就会出现以下界面,然后点击购买绑定域名下载即可:
华为云:进入华为云证书购买界面,证书类型选择DV(Basic),证书品牌选择DigCert,就会出现以下界面,然后点击购买绑定域名下载即可:
2、配置ssl证书
将*.pfx 或*.jks文件放到项目的resources目录下,并再yml文件中配置:
server:
port: 443
ssl:
key-store: classpath:证书文件名.后缀名
key-store-password: 密码
key-store-type: PKCS12(pfx证书)|JKS(jks证书)
然后在*Application启动类中加入如下代码:
@Bean
public EmbeddedServletContainerFactory servletContainer() {
TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
return tomcat;
}
private Connector initiateHttpConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(80);
connector.setRedirectPort(443);
connector.setSecure(false);
return connector;
}
3、最后一步,在pom.xml 加入(此处必须添加否则启动报错)
<plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId> <configuration><encoding>UTF-8</encoding> <!-- 过滤后缀为pkcs12、jks、pdx的证书文件 --> <nonFilteredFileExtensions> <nonFilteredFileExtension>pkcs12</nonFilteredFileExtension> <nonFilteredFileExtension>jks</nonFilteredFileExtension> <nonFilteredFileExtension>pfx</nonFilteredFileExtension> </nonFilteredFileExtensions> </configuration> </plugin>
至此,项目可正常启动,ssl证书配置成功
