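Following the steps in 《SpringBoot实战》.
1. Generate the certificate
cd into the bin folder under the JDK directory.
Command:
keytool -genkey -alias tomcat
Problem:
-keyalg RSA must be specified here; otherwise an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error occurs and the site cannot be accessed.
Even if the configuration file is changed to
server.ssl.protocol=TLS
server.ssl.enabled-protocols=TLSv1.2
server.ssl.ciphers = blabla
so that the protocol version and the ciphers correspond correctly, ERR_SSL_VERSION_OR_CIPHER_MISMATCH is still not resolved.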
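A way to check which algorithm a keystore entry actually uses before blaming the TLS settings, as an added example that is not from the original post or the book. It assumes English keytool output and relies on older JDKs (JDK 8 and earlier) defaulting keytool -genkey to DSA when -keyalg is omitted, while current browsers offer no DSA (DSS) cipher suites; the function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes English keytool output;
# the sample listings below are constructed, not captured from a real keystore.

# Read `keytool -list -v` output on stdin and print "<alias> <sigalg> <verdict>"
# for every certificate. Returns 1 if any certificate is DSA-signed, which for
# a self-signed -genkey entry means the key pair itself is DSA.
audit_keytool_listing() {
  awk '
    BEGIN { bad = 0 }
    { sub(/\r$/, "") }                      # tolerate CRLF output on Windows
    /^Alias name: / { alias = substr($0, 13) }
    /^Signature algorithm name: / {
      verdict = ($4 ~ /withDSA$/) ? "DSA" : "OK"
      if (verdict == "DSA") bad = 1
      print alias, $4, verdict
    }
    END { exit bad }
  '
}

# Audit a real keystore. The password is read from the KEYSTORE_PASS
# environment variable so it does not appear in the process list.
audit_keystore() {
  keytool -J-Duser.language=en -list -v -keystore "$1" \
    -storepass:env KEYSTORE_PASS | audit_keytool_listing
}

# Constructed listing: key generated without -keyalg on an older JDK.
SAMPLE_DSA='Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=localhost
Signature algorithm name: SHA1withDSA'

# Constructed listing: key generated with -keyalg RSA.
SAMPLE_RSA='Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=localhost
Signature algorithm name: SHA256withRSA'

printf '%s\n' "$SAMPLE_DSA" | audit_keytool_listing || echo "regenerate with -keyalg RSA"
printf '%s\n' "$SAMPLE_RSA" | audit_keytool_listing && echo "keystore is usable"
```

A DSA verdict means no change to server.ssl.enabled-protocols or server.ssl.ciphers can help, because the browser and server share no cipher suite for that key type; the key pair has to be regenerated.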
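2. Redirect http to https
// These methods belong in a @Configuration class (Spring Boot 1.x).
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;

@Bean
public EmbeddedServletContainerFactory servletContainer() {
    TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            // Require a confidential (TLS) transport for every URL
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    };
    // Additional plain-HTTP connector that exists only to redirect to HTTPS
    tomcat.addAdditionalTomcatConnectors(httpConnector());
    return tomcat;
}

private Connector httpConnector() {
    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    connector.setScheme("http");
    connector.setPort(8888);          // plain-HTTP listener
    connector.setSecure(false);
    connector.setRedirectPort(8080);  // redirect target: the port of the HTTPS connector
    return connector;
}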
Note that Spring Boot 2.0 no longer supports EmbeddedServletContainerFactory and TomcatEmbeddedServletContainerFactory; they need to be changed to ServletWebServerFactory and TomcatServletWebServerFactory.