背景

 项目开发阶段前后交互采用http协议，演示环境采用htttps协议 ，此处为个人demo案例https>https://i-blog.csdnimg.cn/direct/f6bb4fafdf404888b07d3fb6546a8fac.png" width="1200" />

 组件

  后端：springBoot

  前端：vue

  web 服务：tomcat

  部署环境：linux

生成自签名证书

创建目录 存储证书位置

# mkdir -p /opt/dcp/demo

切换目录
# cd /opt/dcp/demo

生成java keystore(JKS)证书
# keytool -genkey -v -alias xtpt_cloud -keyalg RSA   -validity 36500  -keystore xtpt_cloud.jks -dname "CN=xtpt_cloud,OU=cn,O=cn,L=cn,ST=cn,c=cn" -storepass XtptCloud2023# -keypass XtptCloud2023# -ext san=ip:10.1.5.3

转换秘钥库诶下
# keytool -importkeystore -srckeystore xtpt_cloud.jks -destkeystore xtpt_cloud.jks -deststoretype pkcs12

导出证书
# keytool -export -trustcacerts -alias xtpt_cloud -file xtpt_cloud.cer -keystore xtpt_cloud.jks -storepass XtptCloud2023# -ext san=10.1.5.3

转换证书格式
# openssl x509 -inform der -in xtpt_cloud.cer -out xtpt_cloud.pem

导出私钥
# openssl pkcs12 -nocerts -nodes -in xtpt_cloud.jks -out xtpt_cloud.key
XtptCloud2023#

 https>https://i-blog.csdnimg.cn/direct/8db76d013e164eaf884efaafd08c37e6.png" width="1023" />

https>https://i-blog.csdnimg.cn/direct/ab7f63e606084d5fad570b66b78e8834.png" width="1200" />

 https>https://i-blog.csdnimg.cn/direct/0ea1d11f0a844311a00f69f954ff8faa.png" width="1032" />

 https>https://i-blog.csdnimg.cn/direct/8a5384bf8f3c4653a08912cbf23d4065.png" width="1200" />

springBoot配置

  ssl:
    key-store: file:/opt/dcp/demo/xtpt_cloud.jks
    key-alias: xtpt_cloud
    key-store-password: XtptCloud2023#
    key-store-type: JKS #密钥库类型
    enabled-protocols: TLSv1,TLSv1.1,TLSv1.2
    ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA

https>https://i-blog.csdnimg.cn/direct/7335a07c8879499b99aada95d92d6d29.png" width="1200" />

tomcat配置

编辑文件server.xml

# vim /opt/dcp/tomcat_pri/conf/server.xml

#注释原Connector的http配置，添加https>https配置

  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="8443" maxThreads="200"
               scheme="https>https" secure="true" SSLEnabled="true"
               keystoreFile="/opt/dcp/demo/xtpt_cloud.jks" keystorePass="XtptCloud2023#"
               clientAuth="false" sslProtocol="TLS"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"/>

 https>https://i-blog.csdnimg.cn/direct/170c8710e87642a3acdf99a92d39f457.png" width="1200" />

 重启tomcat

# /opt/dcp/tomcat/bin/catalina.sh start

访问验证

改为https>https

https>https://i-blog.csdnimg.cn/direct/0328d80731b94b5b80b3bd9287d0c0ef.png" width="779" />