Chapter 22 - Enabling HTTPS

Spring Boot learning series index: http://www.cnblogs.com/jinxiaohang/p/8111057.html

Source code (Gitee): https://gitee.com/jinxiaohang/springboot

1. HTTPS

  HTTPS (full name: Hyper Text Transfer Protocol over Secure Socket Layer) is an HTTP channel whose goal is security: on top of HTTP, it ensures the security of the transmission through transport encryption and identity authentication. HTTPS adds an SSL layer underneath HTTP; SSL is the security foundation of HTTPS, so the details of the encryption are handled by SSL. HTTPS uses a default port different from HTTP's and has an encryption/authentication layer (between HTTP and TCP). The system provides authentication and encrypted communication. It is now widely used for security-sensitive communication on the World Wide Web, such as payment transactions. (From Baidu Encyclopedia)

2. Generating the SSL certificate

  Generate a local certificate with keytool, the tool that ships with the JDK. Go to the project path and enter the following command (the JDK must be configured in the system environment variables):

keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keystore keystore.p12

  Proceed as follows:

 

3. Configuration file

  1. Copy the generated keystore.p12 into the resources directory.

  2. Then add the following configuration:

server.port=8080
server.ssl.enabled=true
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=123456
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=tomcat
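
  To confirm that the keystore matches these properties before starting the application, the check below loads it with the same store type, alias and password. This is an added example, not code from the original post; the class name, the path src/main/resources/keystore.p12 and the KEYSTORE_PASSWORD environment variable are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;

public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        // Assumed defaults mirror the properties above; override with arguments.
        String path = args.length > 0 ? args[0] : "src/main/resources/keystore.p12";
        String alias = args.length > 1 ? args[1] : "tomcat";
        // Hypothetical variable name: lets the password stay out of source control.
        String env = System.getenv("KEYSTORE_PASSWORD");
        char[] password = (env != null ? env : "123456").toCharArray();

        // Same store type as server.ssl.key-store-type.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password); // IOException here means wrong password or wrong type
        }

        // server.ssl.key-alias must name a private-key entry, not a trusted certificate.
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("No private-key entry under alias '" + alias + "'");
        }
        Key key = ks.getKey(alias, password);
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(); // throws if the certificate is expired or not yet valid

        System.out.println("Key algorithm : " + key.getAlgorithm());
        if (key instanceof RSAKey) {
            System.out.println("RSA key size  : " + ((RSAKey) key).getModulus().bitLength());
        }
        System.out.println("Subject       : " + cert.getSubjectX500Principal().getName());
        System.out.println("Valid until   : " + cert.getNotAfter());
        // A keytool-generated certificate is self-signed, so browsers will warn about it.
        boolean selfSigned = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        System.out.println("Self-signed   : " + selfSigned);
    }
}
```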

 

4. HTTP port redirection

  1. If you start the project now and visit http://127.0.0.1:8080, the following problem appears:

 

 

  2. You can of course access https://127.0.0.1:8080 directly, or add a configuration class containing the following code and modify the configuration file:

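    import org.apache.catalina.Context;
    import org.apache.catalina.connector.Connector;
    import org.apache.tomcat.util.descriptor.web.SecurityCollection;
    import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
    import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    // The class name is illustrative; any @Configuration class will do.
    @Configuration
    public class HttpsRedirectConfig {

        @Bean
        public TomcatServletWebServerFactory servletContainer() {
            TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
                @Override
                protected void postProcessContext(Context context) {
                    // Require a confidential (TLS) transport for every URL pattern
                    SecurityConstraint constraint = new SecurityConstraint();
                    constraint.setUserConstraint("CONFIDENTIAL");
                    SecurityCollection collection = new SecurityCollection();
                    collection.addPattern("/*");
                    constraint.addCollection(collection);
                    context.addConstraint(constraint);
                }
            };
            // Add the plain HTTP connector alongside the default HTTPS one
            tomcat.addAdditionalTomcatConnectors(httpConnector());
            return tomcat;
        }

        @Bean
        public Connector httpConnector() {
            Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
            connector.setScheme("http");
            // HTTP port the Connector listens on
            connector.setPort(8080);
            connector.setSecure(false);
            // HTTPS port that requests arriving on the HTTP port are redirected to
            connector.setRedirectPort(8443);
            return connector;
        }
    }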

 

server.port=8443
This redirects port 8080 over HTTP to port 8443 over HTTPS.

  3. Start the project again and visit http://127.0.0.1:8080; it redirects automatically.
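
  The redirect can also be verified without a browser, which may hide it by following it silently. The client below is an added example, not code from the original post; the class and method names are assumptions. It requests the HTTP port with redirect-following disabled and checks that the Location header points to HTTPS on port 8443.

```java
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;

public class RedirectCheck {

    /** True when the response is a 3xx redirect to an https URL on the expected port. */
    static boolean isHttpsRedirect(int status, String location, int expectedPort) {
        if (status < 300 || status >= 400 || location == null) {
            return false;
        }
        URI target = URI.create(location);
        return "https".equalsIgnoreCase(target.getScheme())
                && target.getPort() == expectedPort;
    }

    public static void main(String[] args) throws Exception {
        // Default matches the HTTP connector configured above.
        URL url = new URL(args.length > 0 ? args[0] : "http://127.0.0.1:8080/");
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setInstanceFollowRedirects(false); // inspect the redirect itself
        conn.setConnectTimeout(3000);
        conn.setReadTimeout(3000);

        int status = conn.getResponseCode();
        String location = conn.getHeaderField("Location");
        conn.disconnect();

        System.out.println("Status   : " + status);
        System.out.println("Location : " + location);
        if (!isHttpsRedirect(status, location, 8443)) {
            // Either the security constraint or the redirect port is not in effect.
            throw new IllegalStateException("HTTP request was not redirected to HTTPS on 8443");
        }
        System.out.println("OK: plain HTTP is redirected to HTTPS");
    }
}
```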

 

5. An exception is thrown!!!

  If the following exception is thrown:

java.lang.UnsatisfiedLinkError: org.apache.tomcat.jni.SSL.renegotiatePending(J)I
        at org.apache.tomcat.jni.SSL.renegotiatePending(Native Method) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.openssl.OpenSSLEngine.getHandshakeStatus(OpenSSLEngine.java:1021) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.openssl.OpenSSLEngine.wrap(OpenSSLEngine.java:457) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) ~[na:1.8.0_192]
        at org.apache.tomcat.util.net.SecureNioChannel.handshakeWrap(SecureNioChannel.java:440) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:211) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1394) ~[tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_192]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_192]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.13.jar!/:9.0.13]
        at java.lang.Thread.run(Thread.java:748) [na:1.8.0_192]

  Try changing the Spring Boot and Tomcat versions; see: https://zhuanlan.zhihu.com/p/54204871
  I used Spring Boot 2.1.1.RELEASE with Tomcat 9.0.12, which resolves the problem above.

  Looking at the log output at startup, it does contain a hint like this:

2019-11-21 15:25:52.894  INFO 22216 --- [           main] o.a.catalina.core.AprLifecycleListener   : An older version [1.2.17] of the APR based Apache Tomcat Native library is installed, while Tomcat recommends a minimum version of [1.2.23]

  This means the installed version of the Apache Tomcat Native library is too old, and the local Apache Tomcat Native library needs to be upgraded.

6. References

  Certificate generation reference: https://www.cnblogs.com/benwu/articles/4891758.html

 


Origin www.cnblogs.com/jinxiaohang/p/11906469.html