【Question title】: Start Spring Boot application using HTTPS
【Posted】: 2019-02-22 09:58:55
【Question description】:

So I went through the following steps:

  1. I generated an SSL certificate using the JRE keytool. I ran the command:

    keytool -genkey -alias tomcat \
     -storetype PKCS12 -keyalg RSA -keysize 2048 \
     -keystore keystore.p12 -validity 3650
    

    Then I was prompted for a password and various other information. I completed it like this:

    Enter keystore password:
     Re-enter new password:
     What is your first and last name?
     [Unknown]:
     What is the name of your organizational unit?
     [Unknown]:
     What is the name of your organization?
     [Unknown]:
     What is the name of your City or Locality?
     [Unknown]:
     What is the name of your State or Province?
     [Unknown]:
     What is the two-letter country code for this unit?
     [Unknown]:
     Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
     [no]: yes
    
  2. Then I moved the "keystore.p12" file into the src/main/resources folder of my Spring Boot application.
  3. Added the following lines to the application.yml file in src/main/resources:

    server:
     port: 8443
     ssl:
      key-store: keystore.p12
      key-store-password: <chosen_password>
      key-store-provider: PKCS12
      key-alias: tomcat
    

Started the Spring Boot application. Ran into this exception:

2018-09-18 13:51:25 [main] ERROR o.apache.tomcat.util.net.SSLUtilBase - Failed to load keystore type [JKS] with path [file:/home/user/Desktop/repositories/alfresco-facade-c4/keystore.p12] due to [no such provider: PKCS12]
java.security.NoSuchProviderException: no such provider: PKCS12
    at sun.security.jca.GetInstance.getService(GetInstance.java:83)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
    at java.security.Security.getImpl(Security.java:698)
    at java.security.KeyStore.getInstance(KeyStore.java:896)
    at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:127)
    at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:204)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:184)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225)
    at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1150)
    at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:591)
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:1018)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225)
    at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
    at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
    at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:134)
    at com.docprocess.contentmanagement.AlfrescoFacadeApplication.main(AlfrescoFacadeApplication.java:22)
2018-09-18 13:51:25 [main] ERROR o.a.catalina.core.StandardService - Failed to start connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-8443]]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:225)
    at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
    at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
    at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:134)
    at com.docprocess.contentmanagement.AlfrescoFacadeApplication.main(AlfrescoFacadeApplication.java:22)
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:1021)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    ... 12 common frames omitted
Caused by: java.lang.IllegalArgumentException: java.io.IOException: Failed to load keystore type [JKS] with path [file:/home/user/Desktop/repositories/alfresco-facade-c4/keystore.p12] due to [no such provider: PKCS12]
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225)
    at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1150)
    at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:591)
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:1018)
    ... 13 common frames omitted
Caused by: java.io.IOException: Failed to load keystore type [JKS] with path [file:/home/user/Desktop/repositories/alfresco-facade-c4/keystore.p12] due to [no such provider: PKCS12]
    at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:152)
    at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:204)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:184)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
    ... 18 common frames omitted

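The main idea is that the PKCS12 provider does not exist.

Any ideas?

Maybe use a different provider? If the answer is yes, which provider should I use?

【Question discussion】:

    Tags: java spring spring-boot tomcat https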


    【Solution 1】:

    Please refactor application.yml:

    server:
      port: 8443
      ssl:
        key-store: classpath:keystore.p12
        key-store-password: <chosen_password>
        keyStoreType: PKCS12
        key-alias: tomcat
    

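    PKCS12 should work out of the box with spring-boot

    【Discussion】:

    • Can you try building an executable jar and running it from the command line?
    • Also, try renaming key-store-provider to keyStoreType
    • This worked. I used key-store: classpath:keystore.p12 and keyStoreType: PKCS12. Please mention this in the answer.
    • Adjusted the answer.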
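
The error in the question comes from a keystore *type* (PKCS12) being supplied where a JCA *provider* name is expected. As an added example (not code from the question or the answer), the following Java program reproduces the same `no such provider: PKCS12` failure with the JDK's `KeyStore` API and contrasts it with a lookup by type only; the class and helper names are illustrative.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

// Illustrative class; not code from the question or the answer.
public class KeyStoreTypeVsProvider {

    // Installed JCA providers that implement the given keystore type.
    static List<String> providersFor(String type) {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            if (p.getService("KeyStore", type) != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    // Look up a KeyStore; provider == null lets the JVM choose one.
    static String lookup(String type, String provider) {
        try {
            KeyStore ks = (provider == null)
                    ? KeyStore.getInstance(type)
                    : KeyStore.getInstance(type, provider);
            return "OK, served by provider " + ks.getProvider().getName();
        } catch (NoSuchProviderException | KeyStoreException e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Question's config: type defaults to JKS, provider *named* "PKCS12".
        System.out.println("type=JKS, provider=PKCS12 -> " + lookup("JKS", "PKCS12"));
        // Answer's config: type PKCS12, no provider pinned.
        System.out.println("type=PKCS12              -> " + lookup("PKCS12", null));
        // What a valid provider value would have to be, if one were pinned at all.
        System.out.println("providers offering PKCS12: " + providersFor("PKCS12"));
    }
}
```

The provider names printed on the last line depend on the JDK in use, which is a reason to leave the provider unset and configure only the keystore type.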