This example uses Spring Boot 1.5.9 to demonstrate how to configure TLS/SSL in Spring Boot.

1. Create the project

Use http://start.spring.io/ to create a project and add Web support. After downloading it, unzip the archive and import it into Eclipse; the complete structure is as follows:

2. Generate a certificate

TLS (Transport Layer Security), the successor of SSL (Secure Sockets Layer), is a security protocol that is used frequently in practice. Before configuring TLS/SSL we need a certificate with the appropriate signature; for a test instance, the JDK's keytool can be used to generate one:

Enter the following command in the console to generate the certificate:

keytool -genkey -alias boot.tomcat.ssl -keystore tomcat.keystore -storepass Password2

3. Configure TLS/SSL in Spring Boot

Copy the generated tomcat.keystore into the src\main\resources directory and add the following configuration to application.properties:

server.port=8443
server.ssl.key-store=classpath:tomcat.keystore
server.ssl.key-store-password=Password2
server.ssl.key-password=Password2
server.ssl.key-alias=boot.tomcat.ssl
server.ssl.protocol=TLS

4. Test

Visit https://localhost:8443/

5. More TLS/SSL configuration in Spring Boot

server.ssl.ciphers= # Supported SSL ciphers.
server.ssl.client-auth= # Whether client authentication is wanted ("want") or needed ("need"). Requires a trust store.
server.ssl.enabled= # Enable SSL support.
server.ssl.enabled-protocols= # Enabled SSL protocols.
server.ssl.key-alias= # Alias that identifies the key in the key store.
server.ssl.key-password= # Password used to access the key in the key store.
server.ssl.key-store= # Path to the key store that holds the SSL certificate (typically a jks file).
server.ssl.key-store-password= # Password used to access the key store.
server.ssl.key-store-provider= # Provider for the key store.
server.ssl.key-store-type= # Type of the key store.
server.ssl.protocol=TLS # SSL protocol to use.
server.ssl.trust-store= # Trust store that holds SSL certificates.
server.ssl.trust-store-password= # Password used to access the trust store.
server.ssl.trust-store-provider= # Provider for the trust store.
server.ssl.trust-store-type= # Type of the trust store.
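As an added example that is not part of the original post or the demo repository, the following Python script parses the server.ssl.* settings from an application.properties file and reports the points a reviewer would raise about the configuration in section 3 and the option list above: passwords stored as literals, no restriction on negotiable TLS versions (server.ssl.protocol=TLS alone does not pin a version), and client-auth set without the trust store it requires. The sample input is constructed to match the post's configuration with one extra setting.

```python
"""Checker for Spring Boot server.ssl.* settings (added example, not from the post)."""
import re

# Constructed sample: the post's configuration plus client-auth, to exercise every check.
SAMPLE_PROPERTIES = """\
server.port=8443
server.ssl.key-store=classpath:tomcat.keystore
server.ssl.key-store-password=Password2
server.ssl.key-password=Password2
server.ssl.key-alias=boot.tomcat.ssl
server.ssl.protocol=TLS
server.ssl.client-auth=need
"""

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # deprecated or broken versions


def parse_properties(text):
    """Parse key=value lines; blank lines and '#' comments are skipped.
    A trailing ' # ...' is dropped so the reference listing above also parses."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.split(" #", 1)[0].strip()
    return props


def check_ssl_config(props):
    """Return a list of human-readable findings for the server.ssl.* settings."""
    findings = []
    if not props.get("server.ssl.key-store"):
        findings.append("key-store missing: no certificate is configured")
    for key in ("server.ssl.key-store-password", "server.ssl.key-password"):
        value = props.get(key, "")
        # Accept ${...} placeholders (resolved from the environment), flag literal secrets.
        if value and not re.fullmatch(r"\$\{[^}]+\}", value):
            findings.append(f"{key} is a literal in the file; use a ${{...}} placeholder")
    enabled = {v.strip() for v in props.get("server.ssl.enabled-protocols", "").split(",") if v.strip()}
    if not enabled:
        findings.append("enabled-protocols unset: pin to TLSv1.2 or newer")
    elif enabled & LEGACY_PROTOCOLS:
        findings.append("enabled-protocols allows legacy versions: " + ", ".join(sorted(enabled & LEGACY_PROTOCOLS)))
    # Client certificates can only be validated against a configured trust store.
    if props.get("server.ssl.client-auth") in ("want", "need") and not props.get("server.ssl.trust-store"):
        findings.append("client-auth set but trust-store missing: client certificates cannot be validated")
    return findings


if __name__ == "__main__":
    for finding in check_ssl_config(parse_properties(SAMPLE_PROPERTIES)):
        print("-", finding)
```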

References

https://docs.spring.io/spring-boot/docs/1.5.9.RELEASE/reference/htmlsingle/#howto-configure-ssl

Code repository

https://github.com/duliu1990/spring-boot-demo