基本思路:先创建服务器私钥,再创建CSR文件,最后用私钥签发CSR文件得到服务器公钥证书。
Enter pass phrase for server.key:123456
Verifying - Enter pass phrase for server.key:123456
C:\nginx-1.16.1\ssl>openssl req -new -key server.key -out server.csr
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:sd
Locality Name (eg, city) []:jn
Organization Name (eg, company) [Internet Widgits Pty Ltd]:sdcd
Organizational Unit Name (eg, section) []:sdcd
Common Name (e.g. server FQDN or YOUR name) []:localhost
A challenge password []:sdcd2023
An optional company name []:sdcd
C:\nginx-1.16.1\ssl>copy server.key server.key.orig
C:\nginx-1.16.1\ssl>openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
C:\nginx-1.16.1\ssl>openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
# 二级路由跳转、接口代理、https信任自签证书
server {
server_name 192.168.43.20;
listen 443 ssl; # 监听443端口,也可用其他端口, 开启ssl(必须)
# 引用ssl证书(必须,如果放在nginx/conf/ssl下可以用相对路径,其他位置必须用绝对路径)
ssl_certificate ../ssl/server.crt;
ssl_certificate_key ../ssl/server.key;
# 协议优化(可选,优化https协议,增强安全性)
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# 二级路由跳转
location /ayyingyong20221119 {
try_files $uri $uri/ /ayyingyong20221119/index.html;
index index.html;
}
# 当遇到/api (也就是我们的接口)对其进行反向代理
location /ayyingyong20221119/api {
proxy_pass https://localhost:9090/ayyingyong20221119/api;
}
}
nginx -s reload
1.找到server.xml文件,修改Connector 为下面
<Connector port="8080" protocol="HTTP/1.1" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
SSLEnabled="true"
SSLCertificateFile="C:\apache-tomcat-7.0.68-ui\conf\server.crt"
SSLCertificateKeyFile="C:\apache-tomcat-7.0.68-ui\conf\server.key"
connectionTimeout="20000"
URIEncoding="UTF-8"/>
keytool -genkeypair -alias 'tomcat' -keyalg 'RSA' -keystore 'D:/tomcat/conf/tomcat.keystore'
去掉注释,并将keystoreFile和keystorePass处替换成自己的证书路径和生成证书时的口令即可.
<Connector port="8443" protocol="HTTP/1.1"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="本机的keystore路径" keystorePass="生成证书时的口令" />
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
用这种方法,不注释上面这行代码启动tomcat会报错
严重: Failed to initialize end point associated with ProtocolHandler ["http-apr-
8888"]
java.lang.Exception: Connector attribute SSLCertificateFile must be defined when
using SSL with APR
at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:507)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.jav
a:650)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:9
78)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardService.initInternal(StandardService
.java:560)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.j
ava:820)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:642)
at org.apache.catalina.startup.Catalina.load(Catalina.java:667)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:253)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:427)
server:
port: 8008
ssl:
enabled: true
key-store-type: JKS
key-store: classpath:server.keystore
key-store-password: 123456
key-alias: server
springboot+vue+nginx 配置Https访问——自签名证书验证 - 尹镇镇 - 博客园 (cnblogs.com)
springboot+vue+nginx 配置Https访问——自签名证书验证 | 航行学园 (voycn.com)
SpringBoot+Vue2前后端项目配置ssl证书_springboot配置ssl证书-CSDN博客