How to add self signed SSL certificate to jHipster sample app?
Problem description
I have created a sample jHipster app. Now I want to add a self-signed SSL certificate and test it locally to have access to https. How to achieve this?
Recommended answer
These instructions are applicable for all Spring Boot applications, on which JHipster is based. I have tested this on a newly generated JHipster 2.7 project.
You need to complete these steps when starting from scratch:
- Generate a self-signed certificate
- Follow
Generating a self-signed certificate
First you need to generate your self-signed certificate in your project directory. This can be done with keytool, which is a utility script provided by Java:

    keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
      [Unknown]:
    What is the name of your organizational unit?
      [Unknown]:
    What is the name of your organization?
      [Unknown]:
    What is the name of your City or Locality?
      [Unknown]:
    What is the name of your State or Province?
      [Unknown]:
    What is the two-letter country code for this unit?
      [Unknown]:
    Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
      [no]: yes

I have chosen password mypassword so this is the one I will use in the next step. When you have done this, you will see a keystore.p12 in your current directory.

Now you need to add the HTTPS connector properties for Tomcat. You can find the property (yml) files in src/main/resources/ and you need to update the application.yml (or if it is only for development in application-dev.yml) with the following properties:

    server:
      ssl:
        key-store: keystore.p12
        key-store-password: mypassword
        keyStoreType: PKCS12
        keyAlias: tomcat

Now you can package your application with Maven (or Gradle if you chose that for your JHipster application) using mvn clean package and run the application using mvn spring-boot:run. You can now access your application on https://localhost:8080

For simplicity I did not change the port, but ideally you should change it as well in the properties files, but I left it out since they are already defined in application-dev.yml and application-prod.yml so you would have to change it in there or remove it and put it in the general application.yml
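You can only enable one protocol through the application.properties, so when you do this like above only HTTPS will work. If you want HTTP to work too, and redirect to HTTPS you have to add a @Configuration class like below:

    import org.apache.catalina.Context;
    import org.apache.catalina.connector.Connector;
    import org.apache.tomcat.util.descriptor.web.SecurityCollection;
    import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
    import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
    import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    @Configuration
    public class HttpsRedirectConfiguration { // class name is arbitrary

        @Bean
        public EmbeddedServletContainerFactory servletContainer() {
            TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
                @Override
                protected void postProcessContext(Context context) {
                    // CONFIDENTIAL transport guarantee on every path: Tomcat
                    // redirects plain-HTTP requests to the connector's redirectPort.
                    SecurityConstraint securityConstraint = new SecurityConstraint();
                    securityConstraint.setUserConstraint("CONFIDENTIAL");
                    SecurityCollection collection = new SecurityCollection();
                    collection.addPattern("/*");
                    securityConstraint.addCollection(collection);
                    context.addConstraint(securityConstraint);
                }
            };
            tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
            return tomcat;
        }

        // Extra plain-HTTP connector on 8080. The redirect port must be the
        // HTTPS port, so this assumes server.port has been changed to 8443.
        private Connector initiateHttpConnector() {
            Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
            connector.setScheme("http");
            connector.setPort(8080);
            connector.setSecure(false);
            connector.setRedirectPort(8443);
            return connector;
        }
    }
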
This response is basically a copy of my blog post on the same subject: http://www.drissamri.be/blog/java/enable-https-in-spring-boot/
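
As an added example (not part of the original answer or of JHipster), the Python check below flags a literal key-store password in a `server.ssl` block such as the one in the answer, and accepts a `${...}` placeholder that Spring Boot resolves from the environment at startup. The placeholder name SSL_KEYSTORE_PASSWORD, the minimal YAML parser and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the server.ssl block from the answer above.
ANSWER_YML = """\
server:
  ssl:
    key-store: keystore.p12
    key-store-password: mypassword
    keyStoreType: PKCS12
    keyAlias: tomcat
"""
# Constructed hardened variant; SSL_KEYSTORE_PASSWORD is a hypothetical name.
HARDENED_YML = ANSWER_YML.replace("mypassword", "${SSL_KEYSTORE_PASSWORD}")

SECRET_KEYS = {"keystorepassword", "keypassword", "truststorepassword"}
PLACEHOLDER = re.compile(r"^\$\{[^}:]+\}$")  # ${VAR}; ${VAR:default} is rejected

def normalize(key):
    """Relaxed binding: key-store-password and keyStorePassword are one key."""
    return re.sub(r"[-_]", "", key).lower()

def flatten(yml):
    """Minimal parser for nested 'key: value' YAML (no lists, no multi-docs)."""
    stack, out = [], {}
    for raw in yml.splitlines():
        line = raw.split(" #")[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave deeper or sibling scopes
        stack.append((indent, normalize(key)))
        if value.strip():
            out[".".join(k for _, k in stack)] = value.strip().strip("'\"")
    return out

def hardcoded_ssl_secrets(yml):
    """Return server.ssl.* secret keys whose value is a literal, not ${VAR}."""
    return sorted(
        path for path, value in flatten(yml).items()
        if path.startswith("server.ssl.")
        and path.rsplit(".", 1)[1] in SECRET_KEYS
        and not PLACEHOLDER.match(value)
    )

if __name__ == "__main__":
    print(hardcoded_ssl_secrets(ANSWER_YML))
    print(hardcoded_ssl_secrets(HARDENED_YML))
```

Run against application.yml and the profile-specific files in CI, a non-empty result means a keystore password would be committed with the source.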