一、阿里云购买cas证书、配置证书、下载证书
2.下载证书
3.证书
二、项目打包方式一: jar包
1.下载的证书放在项目根目录下
2.application.properties配置文件中的配置
3.证书放在项目部署的服务器同级目录中
4.启动项目
nohup java -jar dwSmartBuffet-0.0.1-SNAPSHOT.jar >logs/log.out &5.访问项目
三、项目打包方式二:war包
(一)下载的证书压缩成tomcat所支持的.jks
1.打开你安装的jdk目录下(JDK中keytool是一个证书管理工具)
把证书放在bin目录下
2.打开dos命令框
输入命令:
keytool -importkeystore -srckeystore xxxxxxx.pfx -destkeystore 域名.jks -srcstoretype PKCS12 -deststoretype JKS3.输入密码,三次输入的密码必须要和解压的证书里密码一致
4.记下别名:alias
此处依然可以再分方法:
方法一:
5.在bin目录下找到 jks文件(复制到项目的application.properties同级目录)
6.修改Spring Boot的application.properties
#https加密端口号 443
server.port=443
#SSL证书路径 一定要加上classpath:
server.ssl.key-store=classpath:域名.jks
#SSL证书密码
server.ssl.key-store-password=xxxxxx
#证书类型
server.ssl.key-store-type=JKS
#证书别名
server.ssl.key-alias=alias7.修改启动类,是http重定向到https
@SpringBootApplication
public class WebchatApplication {
public static void main(String[] args) {
SpringApplication.run(WebchatApplication.class, args);
}
/**
* http重定向到https
* @return
*/
@Bean
public TomcatServletWebServerFactory servletContainer() {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint constraint = new SecurityConstraint();
constraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
constraint.addCollection(collection);
context.addConstraint(constraint);
}
};
tomcat.addAdditionalTomcatConnectors(httpConnector());
return tomcat;
}
@Bean
public Connector httpConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
//Connector监听的http的端口号
connector.setPort(80);
connector.setSecure(false);
//监听到http的端口号后转向到的https的端口号
connector.setRedirectPort(443);
return connector;
}
}方法二:
修改服务器上的tomcat的配置文件server.xml
8.修改tomcat的配置文件server.xml
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
<Connector port="443" protocol="org.apache.coyote.http11.Http11Nio2Protocol" defaultSSLHostConfigName="www.tonglige.com" maxThreads="150" SSLEnabled="true" >
<SSLHostConfig hostName="xxxxx.com">
<Certificate certificateKeystoreFile="/home/apps/tomcat85/webapps/xxxx.jks" certificateKeystorePassword="xxxx" keystorePass="xxxx" type="RSA" />
</SSLHostConfig>
</Connector>(二)下载的证书:xxxxxxxxx.pfx
1.服务器上tomcat中创建文件夹 cert
把下载的证书、密钥两个文件 放入到cert文件夹中
2.修改tomcat的配置文件server.xml
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" /><Connector port="443"
protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true"
scheme="https"
secure="true"
keystoreFile="/mnt/java/tomcat/cert/域名.pfx"
keystoreType="PKCS12"
keystorePass="密码"
clientAuth="false"
SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>如图:
参考:
https://help.aliyun.com/document_detail/102939.html?spm=a2c4g.11186623.6.578.39c62de9XRkFhA
3.重启tomcat