springboot程序 ssl 加密通信

1, 生成keystore

 #免交互： keytool -genkeypair -v -alias testKey -keyalg RSA -validity 365000 -keystore test.keystore \
-storepass 123456789 -keypass 123456789 \
-dname "cn=my.com.web, ou=devops, o=my.com, c=CN, l=bj , st=bj "
 		   
[wang@c7-iris2 sh]# keytool -genkeypair -v -alias testKey -keyalg RSA -validity 365000 -keystore test.keystore
 Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  my.com
What is the name of your organizational unit?
  [Unknown]:  devops
What is the name of your organization?
  [Unknown]:  my.com
What is the name of your City or Locality?
  [Unknown]:  bj
What is the name of your State or Province?
  [Unknown]:  bj
What is the two-letter country code for this unit?
  [Unknown]:  CN
Is CN=my.com, OU=devops, O=my.com, L=bj, ST=bj, C=CN correct?
  [no]:  yes

Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 3,650 days
        for: CN=my.com, OU=devops, O=my.com, L=bj, ST=bj, C=CN
Enter key password for <testKey>
        (RETURN if same as keystore password):
Re-enter new password:
[Storing test.keystore]

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore test.keystore -destkeystore test.keystore -deststoretype pkcs12".


[root@cdh-c6-master aaa]# ls
test.keystore
[wang@c7-iris2 ~]# mkdir /usr/share/ssl
[wang@c7-iris2 ~]# cp test.keystore /usr/share/ssl/tomcat.keystore

2, tomcat启动：配置server.xml

[wang@c7-iris2 ~]# vi apache-tomcat-8.5.54/conf/server.xml
 <Connector port="8080" protocol="HTTP/1.1" SSLEnabled="true"
       maxThreads="150" scheme="https" secure="true"
       keystoreFile="/usr/share/ssl/tomcat.keystore"
       keystorePass="123456789"
       clientAuth="false"  />

3, jar包启动：配置application.properties

[wang@c7-iris2 ~]# cat application.properties
server.port=8088
server.ssl.key-store=C:/tomcat.keystore
server.ssl.keyStoreType=JKS
server.ssl.key-store-password=123456

打完Jar 包后, 启动jar包：