java 在 Spring Boot 2.0 中使用自签名证书启用 HTTPS
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/49324700/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Enable HTTPS with self-signed certificate in Spring Boot 2.0
提问by Triet Doan
I'm following this tutorialto enable HTTPS in Spring Boot 2.0 using a self-signed certificate, just for testing purpose. In summary, that tutorial includes these steps:
我正在按照本教程使用自签名证书在 Spring Boot 2.0 中启用 HTTPS,仅用于测试目的。总之,该教程包括以下步骤:
1.Generate the keystore using keytool.
1.使用生成密钥库keytool。
keytool -genkey -alias tomcat
-storetype PKCS12 -keyalg RSA -keysize 2048
-keystore keystore.p12 -validity 3650
2.Enable HTTPS in Spring Boot by adding some properties in the application.propertiesfile.
2.通过在application.properties文件中添加一些属性,在 Spring Boot 中启用 HTTPS 。
server.port: 8443
server.ssl.key-store: keystore.p12
server.ssl.key-store-password: mypassword
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: tomcat
3.Redirect HTTP to HTTPS (optional). I ignored this part.
3.将 HTTP 重定向到 HTTPS(可选)。我忽略了这部分。
But when I start my application, I got these error:
但是当我启动我的应用程序时,我收到了这些错误:
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:255) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:300) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:162) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:552) [spring-context-5.0.4.RELEASE.jar:5.0.4.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:752) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:388) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:327) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1246) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1234) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
at epic.gwdg.restgraph.RestgraphApplication.main(RestgraphApplication.java:10) [classes/:na]
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1021) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
... 13 common frames omitted
Caused by: java.lang.IllegalArgumentException: Private key must be accompanied by certificate chain
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1150) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:591) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1018) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
... 14 common frames omitted
Caused by: java.lang.IllegalArgumentException: Private key must be accompanied by certificate chain
at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1170) ~[na:na]
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:257) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
... 19 common frames omitted
2018-03-16 16:42:30.917 INFO 970 --- [ main] o.apache.catalina.core.StandardService : Stopping service [Tomcat]
2018-03-16 16:42:30.931 INFO 970 --- [ main] ConditionEvaluationReportLoggingListener :
Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2018-03-16 16:42:30.933 ERROR 970 --- [ main] o.s.b.d.LoggingFailureAnalysisReporter :
***************************
APPLICATION FAILED TO START
***************************
Description:
The Tomcat connector configured to listen on port 8443 failed to start. The port may already be in use or the connector may be misconfigured.
Action:
Verify the connector's configuration, identify and stop any process that's listening on port 8443, or configure this application to listen on another port.
2018-03-16 16:42:30.934 INFO 970 --- [ main] ConfigServletWebServerApplicationContext : Closing org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@58ce9668: startup date [Fri Mar 16 16:42:26 CET 2018]; root of context hierarchy
2018-03-16 16:42:30.936 INFO 970 --- [ main] o.s.j.e.a.AnnotationMBeanExporter : Unregistering JMX-exposed beans on shutdown
Process finished with exit code 1
Basically, the message is:
基本上,消息是:
Private key must be accompanied by certificate chain.
私钥必须附有证书链。
This is a self-signed certificate, so it, of course, doesn't have the trusted chain. How can I fix it?
这是一个自签名证书,因此它当然没有可信链。我该如何解决?
Here is my current application.propertiesfile:
这是我当前的application.properties文件:
server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-password=123456
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=tomcat
Thank you so much for your help.
非常感谢你的帮助。
回答by e2rabi
The problem is that in your generated keystore you dont have a key pair so there is no private key that's because your using the option -genkey you need to change it by the option -genkeypair :
问题在于,在您生成的密钥库中,您没有密钥对,因此没有私钥,这是因为您使用选项 -genkey 需要通过选项 -genkeypair 更改它:
-genkey generates a Secret Key whereas the -genkeypair generates a key pair (a public key and a private key).
-genkey 生成密钥,而 -genkeypair 生成密钥对(公钥和私钥)。
So I think this should work :
所以我认为这应该有效:
keytool -genkeypair -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
In your spring boot configuration change ":" by "=" and add the path to your keystore I suppose that your keystore.p12 is in your resources folder so :
在您的 Spring Boot 配置中,将“:”更改为“=”并将路径添加到您的密钥库中,我想您的 keystore.p12 位于您的资源文件夹中,因此:
server.ssl.key-store = classpath:keystore.p12
server.ssl.key-store-password = mypassword
server.ssl.key-store-type = PKCS12
server.ssl.key-alias = tomcat
回答by jocull
I was getting this horrible Private key must be accompanied by certificate chainerror as well on my Spring Boot application with an embedded Tomcat server. It was making me insane.
我在Private key must be accompanied by certificate chain带有嵌入式 Tomcat 服务器的 Spring Boot 应用程序上也遇到了这个可怕的错误。这让我发疯了。
It turns out a simple typo was my problem:
原来一个简单的错字是我的问题:
@Override
public void customize(ConfigurableServletWebServerFactory server) {
Ssl ssl = new Ssl();
ssl.setEnabled(true);
ssl.setKeyStore(keystoreFile);
ssl.setKeyPassword(keystorePass); // << Should be `setKeyStorePassword` !!!!
ssl.setKeyStoreType(keystoreType);
ssl.setKeyAlias(keystoreAlias);
server.setSsl(ssl);
server.setPort(sslPort);
}
So the error message is not helpful at allfor this case. I hope this helps someone else. Just be sure to verify that you're putting the right passwords (key vs keystore) in the right place. The same issue can happen in a properties based setup - it depends on what you are working with.
因此,该错误信息是没有帮助的,在所有的这种情况。我希望这对其他人有帮助。请务必确认您将正确的密码(密钥与密钥库)放在正确的位置。同样的问题可能发生在基于属性的设置中 - 这取决于您正在使用的内容。
回答by Arun Kumar N
You made a small mistake in the application.propertiesfile. Please change
您在application.properties文件中犯了一个小错误。请更换
server.ssl.key-password=your_password
to
到
server.ssl.key-store-password=your_password
It will work fine then. Hope it helps! Thank you!
它会正常工作。希望能帮助到你!谢谢!
回答by Frank Liu
1.use " -genkeypair"
1.使用“-genkeypair”
keytool -genkeypair -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
- change "server.ssl.key-password" to "server.ssl.key-store-password"
- 将“server.ssl.key-password”更改为“server.ssl.key -store-password”
回答by maestr0
Spring Boot 2.2.1.RELEASE
Spring Boot 2.2.1.RELEASE
keytool -genkeypair -keystore myKeystore2.p12 -storetype PKCS12 -storepass 123456 -alias ks-localhost -keyalg RSA -keysize 2048 -validity 99999 -dname "CN=My SSL Certificate, OU=My Team, O=My Company, L=My City, ST=My State, C=SA" -ext san=dns:localhost,ip:127.0.0.1
application.yml
应用程序.yml
server:
tomcat:
accesslog:
enabled: true
ssl:
key-store-type: PKCS12
key-store: classpath:myKeystore.p12
key-alias: ks-localhost
enabled: true
protocol: TLS
key-store-password: 123456
回答by JenkaBY
I had the same problem. I made the changes from 2nd answer. But problem wasn't gone. After all I've made, I just included my keystore.p12certificate to pom.xml in profilessection
我有同样的问题。我从第二个答案中进行了更改。但问题并没有消失。毕竟我已经做了,我只是在配置文件部分将我的keystore.p12证书包含到 pom.xml 中
<profiles>
<!-- DEVELOPMENT PROFILE -->
<profile>
<id>dev</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<build>
<resources>
<resource>
<directory>src/main/resources</directory>
<includes>
<include>application.properties</include>
<include>keystore.p12</include>
<include>data/**</include>
</includes>
</resource>
</resources>
</build>
</profile>
</profiles>
