{"id":1498,"date":"2023-09-19T17:23:00","date_gmt":"2023-09-19T09:23:00","guid":{"rendered":"http:\/\/blog.sway.com.cn\/?p=1498"},"modified":"2023-10-08T17:23:33","modified_gmt":"2023-10-08T09:23:33","slug":"%e8%87%aa%e5%88%b6%e7%94%a8%e4%ba%8ehttps%e7%9a%84ssl%e8%af%81%e4%b9%a6%ef%bc%8c%e5%8c%85%e6%8b%acca%e6%a0%b9%e8%af%81%e4%b9%a6%e4%bb%a5%e5%8f%8a%e5%9c%a8spring-boot%e5%92%8cnginx%e4%b8%ad%e4%bd%bf","status":"publish","type":"post","link":"http:\/\/blog.sway.com.cn\/?p=1498","title":{"rendered":"\u81ea\u5236\u7528\u4e8eHTTPS\u7684SSL\u8bc1\u4e66\uff0c\u5305\u62ecCA\u6839\u8bc1\u4e66\u4ee5\u53ca\u5728Spring Boot\u548cNginx\u4e2d\u4f7f\u7528\u7684\u8bc1\u4e66"},"content":{"rendered":"\n

\u4e3b\u4f53\u89d2\u8272\u53c8\u4e09\u4e2a\uff1a\u5ba2\u6237\u7aef\u3001\u670d\u52a1\u7aef\u3001\u4ee5\u53caCA\u673a\u6784\u3002<\/p>\n\n\n\n

\u5982\u4e0b\u56fe\u6240\u793a\uff1a<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

CA\u673a\u6784\u6839\u8bc1\u4e66<\/h2>\n\n\n\n

\u751f\u6210CA\u673a\u6784\u79c1\u94a5<\/p>\n\n\n\n

openssl genrsa -out ca.key 2048<\/pre>\n\n\n\n
\u751f\u6210CA\u8bc1\u4e66\uff08\u6ce8\u610f\uff1a\u751f\u6210\u8fc7\u7a0b\u4e2d\u9700\u8981\u8f93\u5165\u4e00\u4e9bCA\u673a\u6784\u7684\u4fe1\u606f\uff09<\/p>\n\n\n\n
openssl req -x509 -new -key ca.key -out ca.crt<\/pre>\n\n\n\n
<\/p>\n\n\n\n
\u751f\u6210Server\u7aef\u8bc1\u4e66<\/h2>\n\n\n\n
\u751f\u6210Server\u7aef\u7684key\u79c1\u94a5<\/p>\n\n\n\n
openssl genrsa -out server.key 2048<\/pre>\n\n\n\n
\u751f\u6210Server\u7aef\u7684csr\u8bc1\u4e66\u8bf7\u6c42\u6587\u4ef6\uff08\u6ce8\u610f\uff1a\u751f\u6210\u8fc7\u7a0b\u4e2d\u9700\u8981\u4f60\u8f93\u5165\u4e00\u4e9b\u670d\u52a1\u7aef\u4fe1\u606f\uff09<\/p>\n\n\n\n
openssl req -new -key server.key -out server.csr\n\n#\u6ce8\u610f\u5230\u8fd9\u4e00\u6b65\u65f6\u7684\u610f\u601d\nPlease enter the following 'extra' attributes\nto be sent with your certificate request\nA challenge password []:  ##\u52a0\u5bc6CA\u8bc1\u4e66\u7684\u5bc6\u7801\uff0c\u4e5f\u8981\u8bb0\u4f4f\uff0c\u53ef\u4e0d\u8f93\u5165\nAn optional company name []:  ##\u53ef\u4ee5\u4e0d\u8f93\u5165<\/pre>\n\n\n\n
\u4f7f\u7528CA\u8bc1\u4e66\u751f\u6210Server\u7aef\u7684crt\u8bc1\u4e66<\/p>\n\n\n\n
openssl x509 -req -sha256 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 3650 -out server.crt<\/pre>\n\n\n\n
\u8f6c\u6362\u6210\u7528\u4e8eSpringBoot\u7684P12\u8bc1\u4e66<\/h2>\n\n\n\n
\u4f7f\u7528Server\u7aef\u7684key\u548ccrt\u8f6c\u6362p12\uff08\u6ce8\u610f\uff1a-name \u540e\u9762\u7684\u53c2\u6570\u5bf9\u5e94\u7684\u662f\u8bc1\u4e66\u7684alias\u522b\u540d\uff09<\/p>\n\n\n\n
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name \"server\"<\/pre>\n\n\n\n
\u628aca\u8bc1\u4e66\u653e\u5230keystore\u4e2d\uff08\u975e\u5fc5\u8981\uff09<\/p>\n\n\n\n
keytool -importcert -keystore server.p12 -file ca.crt<\/pre>\n\n\n\n
\u5c06p12\u8bc1\u4e66\u8f6c\u6362\u6210jks\u8bc1\u4e66\uff08\u4f8b\u5982jboss\u7528\u5230\u7684\uff09<\/p>\n\n\n\n
keytool -importkeystore -srckeystore server.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore server.jks<\/pre>\n\n\n\n
\u5c06crt\u8bc1\u4e66\u8f6c\u6362\u6210cer\u8bc1\u4e66<\/h2>\n\n\n\n
\u53cc\u51fb\u6253\u5f00*.crt\u8bc1\u4e66\u6587\u4ef6\uff1a<\/p>\n\n\n\n
\"\"<\/a><\/figure>\n\n\n\n
\u5728\u8bc1\u4e66\u5bfc\u51fa\u5411\u5bfc\u7a97\u53e3\u70b9\u51fb\u3010\u4e0b\u4e00\u6b65\u3011\uff0c\u9009\u62e9Base-64\u7f16\u7801\u7684X.509\uff08.CER\uff09\uff0c\u70b9\u51fb\u3010\u4e0b\u4e00\u6b65\u3011\uff1a<\/p>\n\n\n\n
\"\"<\/a><\/figure>\n\n\n\n
\u7136\u540e\u6309\u63d0\u793a\u64cd\u4f5c\uff0c\u5373\u53ef\u5b8c\u6210\u8f6c\u6362\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u4e3b\u4f53\u89d2\u8272\u53c8\u4e09\u4e2a\uff1a\u5ba2\u6237\u7aef\u3001\u670d\u52a1\u7aef\u3001\u4ee5\u53caCA\u673a\u6784\u3002 \u5982\u4e0b\u56fe\u6240\u793a\uff1a CA\u673a\u6784\u6839\u8bc1\u4e66 \u751f\u6210CA\u673a\u6784\u79c1\u94a5 \u751f\u6210CA\u8bc1\u4e66\uff08 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1498","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"http:\/\/blog.sway.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/1498","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/blog.sway.com.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.sway.com.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.sway.com.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.sway.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1498"}],"version-history":[{"count":6,"href":"http:\/\/blog.sway.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/1498\/revisions"}],"predecessor-version":[{"id":1525,"href":"http:\/\/blog.sway.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/1498\/revisions\/1525"}],"wp:attachment":[{"href":"http:\/\/blog.sway.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1498"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.sway.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1498"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.sway.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1498"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}