Spring boot with HTTPS SSL
阿新 • Published: 2022-05-02
This article is an excerpt from "Netkiller Java 手札".
5.24. Spring boot with HTTPS SSL
5.24.1. Generating a self-signed certificate
keytool -genkey -alias www.netkiller.cn -keyalg RSA -keystore /www/netkiller.cn/www.netkiller.cn.keystore
Import the certificate (Windows)
keytool -selfcert -alias www.netkiller.cn -keystore www.netkiller.cn.keystore
keytool -export -alias www.netkiller.cn -keystore www.netkiller.cn.keystore -storepass passw0rd -rfc -file www.netkiller.cn.cer
Import the certificate (JVM)
keytool -importcert -alias www.netkiller.cn -file www.netkiller.cn.cer -keystore /srv/java/jre/lib/security/cacerts
5.24.2. application.properties configuration file
Configure the Tomcat HTTPS port as 8443. (Because the JVM cannot fork and setuid, it cannot be bound to port 80 the way nginx or Apache httpd can, unless you run it as the root user, which is insecure.)
server.port=8443
server.ssl.enabled=true
server.ssl.key-store=/www/netkiller.cn/www.netkiller.cn.keystore
server.ssl.key-store-password=passw0rd
server.ssl.key-store-type=JKS
server.ssl.key-alias=www.netkiller.cn
5.24.3. Starting Spring Boot
/srv/java/bin/java -server -Xms2048m -Xmx8192m -Djava.security.egd=file:/dev/./urandom -jar /www/netkiller.cn/www.netkiller.cn/www.netkiller.cn-0.0.1.war
5.24.4. restTemplate call example
String url = "https://www.netkiller.cn:8443/public/test/version.json";
ResponseEntity<RestResponse<String>> result = restTemplate.exchange(url, HttpMethod.GET, null, new ParameterizedTypeReference<RestResponse<String>>() {});
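An added example, not taken from the book: instead of importing the self-signed certificate into the JVM-wide cacerts, it builds a RestTemplate that trusts only www.netkiller.cn.cer, the file written by the keytool -export step in 5.24.1. The class name ScopedTrustRestTemplate and its method names are hypothetical; the code assumes spring-web is on the classpath and the .cer file is in the working directory.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

public class ScopedTrustRestTemplate {  // hypothetical class name
    // Build an SSLContext whose only trust anchor is the certificate in certFile (PEM or DER).
    static SSLContext trustOnly(String certFile) throws Exception {
        Certificate cert;
        try (InputStream in = new FileInputStream(certFile)) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);  // empty in-memory store, nothing from cacerts
        trust.setCertificateEntry("www.netkiller.cn", cert);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // RestTemplate whose HTTPS connections use the scoped trust store; other JVM clients are unaffected.
    static RestTemplate create(String certFile) throws Exception {
        SSLSocketFactory sf = trustOnly(certFile).getSocketFactory();
        return new RestTemplate(new SimpleClientHttpRequestFactory() {
            @Override
            protected void prepareConnection(HttpURLConnection c, String method) throws IOException {
                if (c instanceof HttpsURLConnection) {
                    ((HttpsURLConnection) c).setSSLSocketFactory(sf);
                }
                super.prepareConnection(c, method);
            }
        });
    }

    public static void main(String[] args) throws Exception {
        String url = "https://www.netkiller.cn:8443/public/test/version.json";
        System.out.println(create("www.netkiller.cn.cer").getForObject(url, String.class));
    }
}
```

Hostname verification stays at the JDK default, so the name in the certificate must still match www.netkiller.cn.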