一、為什么要部署SSL證書：

? ? ? ?目前互聯網采取的是全網強制SSL，尤其是微信開發、APP開發、谷歌等都是強制的，為確保數據安全性，把http請求改成HTTPS(URL https://而不是http://)請求確保客戶端與站點傳輸數據的加密作用，所有操作系統都可以部署。

二、SSL證書是什么？

? ? ? ?SSL(Secure socket layer)對用戶和服務器進行認證，對傳輸數據進行加密的和隱藏的全球化標準的的安全協議，保證在互聯網交易中，雙方傳遞信息的安全性。

詳細的各位小伙伴可自行百度哦。

三、獲取SSL證書

? ? ? ?可登陸阿里云官網，搜索欄搜索ssl然后點擊購買，里面有免費的證書，選擇服務器類型下載證書就行。

四、Springboot項目中配置SSL證書

? ? ? ?有兩種方案可進行SSL證書的配置，一種是直接用原來的格式，一種是轉化為jks格式的。兩種配置方法一樣，只是證書格式不一樣。

轉化為jks文件代碼，也可以用其他方法進行轉化，網上都有教程

public class SSL {public static final String PKCS12 = "PKCS12"; public static final String JKS = "JKS";????// pfx文件路徑????public static final String PFX_KEYSTORE_FILE = "4268356_www.lanfei21.net.pfx";// pfx文件位置????// 導出為pfx文件的設的密碼????public static final String KEYSTORE_PASSWORD = "GMyQrDJ6";????// 新生成的jks文件保存位置????public static final String JKS_KEYSTORE_FILE = "E:\\disinfestation.jks"; public static void main(String[] args) {coverTokeyStore(); }public static void coverTokeyStore() {try {
KeyStore inputKeyStore = KeyStore.getInstance(PKCS12); FileInputStream fis = new FileInputStream(PFX_KEYSTORE_FILE); char[] mPwd = null; if (KEYSTORE_PASSWORD == null || KEYSTORE_PASSWORD.trim().equals("")) {
mPwd = null; } else {
mPwd = KEYSTORE_PASSWORD.toCharArray(); }
inputKeyStore.load(fis, mPwd); fis.close(); KeyStore outKeyStore = KeyStore.getInstance(JKS); outKeyStore.load(null, mPwd); Enumeration enums = inputKeyStore.aliases(); while (enums.hasMoreElements()) {
String keyAlias = (String) enums.nextElement(); System.out.println("alias=[" + keyAlias + "]"); if (inputKeyStore.isKeyEntry(keyAlias)) {
java.security.Key key = inputKeyStore
.getKey(keyAlias, mPwd); Certificate[] certChain = inputKeyStore
.getCertificateChain(keyAlias); outKeyStore.setKeyEntry(keyAlias, key, mPwd, certChain); }
FileOutputStream fos = new FileOutputStream(JKS_KEYSTORE_FILE); outKeyStore.store(fos, mPwd); fos.close(); }
} catch (KeyStoreException e) {// TODO Auto-generated catch block e.printStackTrace(); } catch (FileNotFoundException e) {// TODO Auto-generated catch block e.printStackTrace(); } catch (NoSuchAlgorithmException e) {// TODO Auto-generated catch block e.printStackTrace(); } catch (CertificateException e) {// TODO Auto-generated catch block e.printStackTrace(); } catch (IOException e) {// TODO Auto-generated catch block e.printStackTrace(); } catch (UnrecoverableKeyException e) {// TODO Auto-generated catch block e.printStackTrace(); }
}public static void coverToPfx() {try {
KeyStore inputKeyStore = KeyStore.getInstance(JKS); FileInputStream fis = new FileInputStream(JKS_KEYSTORE_FILE); char[] mPwd = null; if (KEYSTORE_PASSWORD == null || KEYSTORE_PASSWORD.trim().equals("")) {
mPwd = null; } else {
mPwd = KEYSTORE_PASSWORD.toCharArray(); }
inputKeyStore.load(fis, mPwd); fis.close(); KeyStore outKeyStore = KeyStore.getInstance(PKCS12); outKeyStore.load(null, mPwd); Enumeration enums = inputKeyStore.aliases(); while (enums.hasMoreElements()) {
String keyAlias = (String) enums.nextElement(); System.out.println("alias=[" + keyAlias + "]"); if (inputKeyStore.isKeyEntry(keyAlias)) {
java.security.Key key = inputKeyStore
.getKey(keyAlias, mPwd); Certificate[] certChain = inputKeyStore
.getCertificateChain(keyAlias); outKeyStore.setKeyEntry(keyAlias, key, mPwd, certChain); }
FileOutputStream fos = new FileOutputStream(PFX_KEYSTORE_FILE); outKeyStore.store(fos, mPwd); fos.close(); }
} catch (KeyStoreException e) {// TODO Auto-generated catch block e.printStackTrace(); } catch (FileNotFoundException e) {// TODO Auto-generated catch block e.printStackTrace(); } catch (NoSuchAlgorithmException e) {// TODO Auto-generated catch block e.printStackTrace(); } catch (CertificateException e) {// TODO Auto-generated catch block e.printStackTrace(); } catch (IOException e) {// TODO Auto-generated catch block e.printStackTrace(); } catch (UnrecoverableKeyException e) {// TODO Auto-generated catch block e.printStackTrace(); }
}
}

在配置文件中加上這些

#https加密端口號 443server.port=443#SSL證書路徑 一定要加上classpath: 3824167.jksserver.ssl.key-store=classpath:qingfeng.jks#SSL證書密碼6cj3QrToserver.ssl.key-store-password=7K8UBVe5#證書類型server.ssl.key-store-type=JKS#證書別名server.ssl.key-alias=alias

在Springboot啟動類中進行配置http轉HTTPS代碼

/** * http 轉 https */@Beanpublic Connector connector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol"); connector.setScheme("http"); // 監聽的http端口 ???? connector.setPort(80); connector.setSecure(false); // 監聽到http端口后跳轉的https端口 connector.setRedirectPort(443); return connector;}/** * 攔截所有的請求 */@Beanpublic TomcatServletWebServerFactory tomcatServletWebServerFactory(Connector connector) {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {@Override protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint(); securityConstraint.setUserConstraint("CONFIDENTIAL"); SecurityCollection collection = new SecurityCollection(); collection.addMethod("post"); collection.addPattern("/*"); securityConstraint.addCollection(collection); context.addConstraint(securityConstraint); }
}; tomcat.addAdditionalTomcatConnectors(connector); return tomcat;}

此時運行http://localhost:80，會自動跳轉到https://localhost:443

總結

以上是生活随笔為你收集整理的asn1 pem pfx格式证书_Springboot中详细配置SSL证书的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。