在Spring Boot 2.0中使用自签名证书启用HTTPS

Question

在Spring Boot 2.0中使用自签名证书启用HTTPS

Tri*_*oan 14 java https keystore keytool spring-boot

我正在按照本教程使用自签名证书在Spring Boot 2.0中启用HTTPS,仅用于测试目的.总之,该教程包括以下步骤:

1.使用生成密钥库keytool.

keytool -genkey -alias tomcat
 -storetype PKCS12 -keyalg RSA -keysize 2048
 -keystore keystore.p12 -validity 3650

Run Code Online (Sandbox Code Playgroud)

2.通过在application.properties文件中添加一些属性,在Spring Boot中启用HTTPS .

server.port: 8443
server.ssl.key-store: keystore.p12
server.ssl.key-store-password: mypassword
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: tomcat

Run Code Online (Sandbox Code Playgroud)

3.将HTTP重定向到HTTPS(可选).我忽略了这部分.

但是当我启动我的应用程序时,我收到了以下错误:

org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-8443]]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:255) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:300) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:162) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:552) [spring-context-5.0.4.RELEASE.jar:5.0.4.RELEASE]
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:752) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:388) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:327) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1246) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1234) [spring-boot-2.0.0.RELEASE.jar:2.0.0.RELEASE]
    at epic.gwdg.restgraph.RestgraphApplication.main(RestgraphApplication.java:10) [classes/:na]
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:1021) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    ... 13 common frames omitted
Caused by: java.lang.IllegalArgumentException: Private key must be accompanied by certificate chain
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1150) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:591) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:1018) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    ... 14 common frames omitted
Caused by: java.lang.IllegalArgumentException: Private key must be accompanied by certificate chain
    at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1170) ~[na:na]
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:257) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) ~[tomcat-embed-core-8.5.28.jar:8.5.28]
    ... 19 common frames omitted

2018-03-16 16:42:30.917  INFO 970 --- [           main] o.apache.catalina.core.StandardService   : Stopping service [Tomcat]
2018-03-16 16:42:30.931  INFO 970 --- [           main] ConditionEvaluationReportLoggingListener : 

Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2018-03-16 16:42:30.933 ERROR 970 --- [           main] o.s.b.d.LoggingFailureAnalysisReporter   : 

***************************
APPLICATION FAILED TO START
***************************

Description:

The Tomcat connector configured to listen on port 8443 failed to start. The port may already be in use or the connector may be misconfigured.

Action:

Verify the connector's configuration, identify and stop any process that's listening on port 8443, or configure this application to listen on another port.

2018-03-16 16:42:30.934  INFO 970 --- [           main] ConfigServletWebServerApplicationContext : Closing org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext@58ce9668: startup date [Fri Mar 16 16:42:26 CET 2018]; root of context hierarchy
2018-03-16 16:42:30.936  INFO 970 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Unregistering JMX-exposed beans on shutdown

Process finished with exit code 1

Run Code Online (Sandbox Code Playgroud)

基本上,消息是:

私钥必须附有证书链.

这是一个自签名证书,因此它当然没有可信链.我该如何解决？

这是我当前的application.properties文件:

server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-password=123456
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=tomcat

Run Code Online (Sandbox Code Playgroud)

非常感谢你的帮助.

Answer 1

E2r*_*abi 15

问题是,在您生成的密钥库中,您没有密钥对,因此没有私钥,因为您使用选项-genkey需要通过选项-genkeypair更改它:

-genkey生成密钥,而-genkeypair生成密钥对(公钥和私钥).

所以我认为这应该有效:

keytool -genkeypair -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048  -keystore keystore.p12 -validity 3650

Run Code Online (Sandbox Code Playgroud)

在你的spring boot配置中,用"="更改":"并添加到密钥库的路径我想你的keystore.p12在你的资源文件夹中,所以:

server.ssl.key-store = classpath:keystore.p12
server.ssl.key-store-password = mypassword
server.ssl.key-store-type = PKCS12
server.ssl.key-alias = tomcat

Run Code Online (Sandbox Code Playgroud)

我刚刚更新了问题以添加我的配置。我注意到，与您一样，密码字段应为`key-store-password`。我更改了它，并且有效！！！您可以更新您的答案（“密钥别名”）。我会将您的答案标记为正确。谢谢：） (4认同)

Answer 2

joc*_*ull 8

Private key must be accompanied by certificate chain在带有嵌入式Tomcat服务器的Spring Boot应用程序中，我也遇到了这个可怕的错误。这让我发疯了。

原来我的问题是一个简单的错字：

@Override
public void customize(ConfigurableServletWebServerFactory server) {
    Ssl ssl = new Ssl();
    ssl.setEnabled(true);
    ssl.setKeyStore(keystoreFile);
    ssl.setKeyPassword(keystorePass); // << Should be `setKeyStorePassword` !!!!
    ssl.setKeyStoreType(keystoreType);
    ssl.setKeyAlias(keystoreAlias);

    server.setSsl(ssl);
    server.setPort(sslPort);
}

Run Code Online (Sandbox Code Playgroud)

因此，该错误信息是没有帮助的，在所有的这种情况。我希望这可以帮助其他人。只需确保您在正确的位置输入了正确的密码（密钥与密钥库）即可。在基于属性的设置中可能会发生相同的问题-这取决于您使用的工具。

Answer 3

Aru*_*r N 7

您在application.properties文件中犯了一个小错误。请更换

server.ssl.key-password=your_password

Run Code Online (Sandbox Code Playgroud)

到

server.ssl.key-store-password=your_password

Run Code Online (Sandbox Code Playgroud)

然后它会正常工作。希望能帮助到你！谢谢！

归档时间：	8 年，2 月前
查看次数：	15065 次
最近记录：	6 年，6 月前