SpringBoot配置SSL证书使用https方式访问

近期公司做了一个小程序跟后台管理系统，需要部署上线，在配置SSL证书上，遇到各种坑，花了不少时间才解决，网上资料比较杂也不全面，在此做个笔记，方便以后使用，有需要的同学也可以借鉴一下。话不多说，直接开始。

1、准备好SSL证书

可以使用阿里云免费的SSL证书或者腾讯云免费的SSL证书，具体生成过程，官网和网上资料都很全，看一下就知道了，我在这里就不多说，主要讲解证书如何配置使用。我以阿里云为例。

2、把证书放入项目

因为SpringBoot运行，内置Tomcat，所以使用Tomcat服务器证书，下载阿里云证书到本地，解压如下，包含两个文件，.pfx是证书文件，.txt是密码文件。

把.pfx证书文件放入到项目中的resources文件夹下，如下图所示：

3、application.yml配置

server: port: 8080 ssl: key-store: classpath:7920347_hcwy.uniplore.cn.pfx #替换成自己的证书文件 key-store-password: ******** #替换成自己的密码 key-store-type: PKCS12 #证书类型

踩坑一：网上多数配置完此步骤后就没了，然后我运行应用，一直报错，错误如下：

Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled. 2022-06-11 13:22:08.812 [main] ERROR org.springframework.boot.SpringApplication:837 - Application run failed org.springframework.context.ApplicationContextException: Failed to start bean 'webServerStartStop'; nested exception is org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat server at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:185) at org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:53) at org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:360) at org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:158) at org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:122) at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:895) at org.springframework.context.support.AbstractApplicationContext.__refresh(AbstractApplicationContext.java:554) at org.springframework.context.support.AbstractApplicationContext.jrLockAndRefresh(AbstractApplicationContext.java:40002) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:41008) at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:143) at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:758) at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:750) at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:405) at org.springframework.boot.SpringApplication.run(SpringApplication.java:315) at org.springframework.boot.SpringApplication.run(SpringApplication.java:1237) at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) at org.jeecg.JeecgSystemApplication.main(JeecgSystemApplication.java:28) Caused by: org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat server at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:229) at org.springframework.boot.web.servlet.context.WebServerStartStopLifecycle.start(WebServerStartStopLifecycle.java:43) at org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:182) ... 16 common frames omitted Caused by: java.lang.IllegalArgumentException: standardService.connector.startFailed at org.apache.catalina.core.StandardService.addConnector(StandardService.java:231) at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:282) at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:213) ... 18 common frames omitted Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed at org.apache.catalina.connector.Connector.startInternal(Connector.java:1067) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.StandardService.addConnector(StandardService.java:227) ... 20 common frames omitted Caused by: java.lang.IllegalArgumentException: DerInputStream.getLength(): lengthTag=111, too big. at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99) at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71) at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:216) at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141) at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1227) at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:592) at org.apache.catalina.connector.Connector.startInternal(Connector.java:1064) ... 22 common frames omitted Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=111, too big. at sun.security.util.DerInputStream.getLength(DerInputStream.java:606) at sun.security.util.DerValue.init(DerValue.java:391) at sun.security.util.DerValue.<init>(DerValue.java:332) at sun.security.util.DerValue.<init>(DerValue.java:345) at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1941) at java.security.KeyStore.load(KeyStore.java:1445) at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:67) at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:216) at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:207) at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:282) at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:246) at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97) ... 28 common frames omitted 

于是我又网上查阅资料，最终加上第4步。

4、修改pom.xml文件

在项目下的pom.xml文件的build/resources节点下加上如下代码：

 <resource> <directory>src/main/resources</directory> <filtering>true</filtering> <excludes> <!-- 替换成自己的证书文件 --> <exclude>7920347_hcwy.uniplore.cn.pfx</exclude> </excludes> </resource> <resource> <directory>src/main/resources</directory> <filtering>false</filtering> <includes> <!-- 替换成自己的证书文件 --> <include>7920347_hcwy.uniplore.cn.pfx</include> </includes> </resource> 

大概意思是资源文件过滤时排除证书文件。

踩坑二：继续运行应用，还是一样的错误！最后查阅资料发现是由于证书加载不正确导致，证书被maven-resources-plugin修改过，故需要加上第5步。

5、修改pom.xml文件

在项目下的pom.xml文件的build/plugins节点下加上如下代码：

 <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId> <configuration> <nonFilteredFileExtensions> <!-- 过滤后缀为pfx的证书文件 --> <nonFilteredFileExtension>pfx</nonFilteredFileExtension> </nonFilteredFileExtensions> </configuration> </plugin>

至此，大功告成！

原文链接：https://blog.csdn.net/qq_42859736/article/details/125232370