纯copy 非原创,原文链接:https://blog.csdn.net/sinat_40399893/article/details/79860942
Spring Boot配置ssl证书
一、申请有权威的SSL证书
在各大云服务商都可以申请到SSL官方证书。
我这里是在阿里云上申请的,申请后下载,解压。如图:
二、用JDK中keytool是一个证书管理工具,压缩成tomcat所支持的.jks
1、打开你安装的jdk目录下
2、打开dos命令框(命令提示符)
2.1、进入JDK所在的盘符,我的是D盘
2.2、进入JDK下的bin目录
2.3、输入这条命令(输入之前先修改:D:\https\214215109110451\214215109110451.pfx 部分是你下载的证书pfx所在路径,520oo.jks是自己命名的jks文件)
keytool -importkeystore -srckeystore D:\https\214215109110451\214215109110451.pfx -destkeystore 520oo.jks -srcstoretype PKCS12 -deststoretype JKS
- 1
2.4、输入密码,三次输入的密码都要和解压的证书里密码一致,不一致有可能出错。
2.5、记下别名:alias
2.6、在bin目录下找到 jks文件(复制到项目的application.properties同级目录) 
三、修改Spring Boot的application.properties
#https加密端口号 443
server.port=443
#SSL证书路径 一定要加上classpath:
server.ssl.key-store=classpath:520oo.jks #SSL证书密码 server.ssl.key-store-password=214215109110451 #证书类型 server.ssl.key-store-type=JKS #证书别名 server.ssl.key-alias=alias四、修改启动类,让http重定向到https
XXXApplication.java
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory; import org.springframework.context.annotation.Bean; @SpringBootApplication public class WebchatApplication { public static void main(String[] args) { SpringApplication.run(WebchatApplication.class, args); } /** * http重定向到https * @return */ @Bean public TomcatServletWebServerFactory servletContainer() { TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() { @Override protected void postProcessContext(Context context) { SecurityConstraint constraint = new SecurityConstraint(); constraint.setUserConstraint("CONFIDENTIAL"); SecurityCollection collection = new SecurityCollection(); collection.addPattern("/*"); constraint.addCollection(collection); context.addConstraint(constraint); } }; tomcat.addAdditionalTomcatConnectors(httpConnector()); return tomcat; } @Bean public Connector httpConnector() { Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol"); connector.setScheme("http"); //Connector监听的http的端口号 connector.setPort(8080); connector.setSecure(false); //监听到http的端口号后转向到的https的端口号 connector.setRedirectPort(443); return connector; } }然后大功告成