根据《SpringBoot实战》操作~
1、生成证书
cd 到JDK目录下的bin文件夹
命令:
keytools -genkey alias tomcat
问题:
这里需要指定-keyalg RSA,不然会出现ERR_SSL_VERSION_OR_CIPHER_MISMATCH 错误 导致无法访问。
即使修改配置文件中
server.ssl.protocol=TLS
server.ssl.enabled-protocols=TLSv1.2
server.ssl.ciphers = blabla
协议版本和加密方式正确对应对应也无法解决ERR_SSL_VERSION_OR_CIPHER_MISMATCH
2、http重定向到https
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
public EmbeddedServletContainerFactory (){
TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory(){
@Override
protected void postProcessContext(Context context){
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(httpConnector());
return tomcat;
}
private Connector httpConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(8888);
connector.setSecure(false);
connector.setRedirectPort(8080);
return connector;
}
|
其中SpringBoot2.0已经不支持EmbeddedServletContainerFactory和TomcatEmbeddedServletContainerFactory,需要修改为ServletWebServerFactory和TomcatServletWebServerFactory
近期评论