Spring Boot localhost 中的 SSL 证书答案

【问题标题】：SSL certificate in Spring Boot localhostSpring Boot localhost 中的 SSL 证书
【发布时间】：2020-04-22 12:33:12
【问题描述】：

我在 Namecheap 上购买了 SSL 证书，该证书适用于我的网站 www.centregracefoi.com 但问题是我想使用我的 Spring Boot 应用程序在 localhost 上对其进行测试，以便在将其部署到 Web 之前查看它是否正常工作。当我尝试在我的 Spring Boot 应用程序中使用我受信任的证书时。它向我显示了这个错误：

org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat server
    at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:215) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:297) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:163) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:553) ~[spring-context-5.2.5.RELEASE.jar:5.2.5.RELEASE]
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747) [spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) [spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:315) [spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) [spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1215) [spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at com.graceetfoi.gf.GfApplication.main(GfApplication.java:26) [classes/:na]
Caused by: java.lang.IllegalArgumentException: standardService.connector.startFailed
    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:231) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:278) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197) ~[spring-boot-2.2.6.RELEASE.jar:2.2.6.RELEASE]
    ... 10 common frames omitted
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:1038) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:227) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    ... 12 common frames omitted
Caused by: java.lang.IllegalArgumentException: jsse.alias_no_key_entry
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:217) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1227) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:592) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:1035) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    ... 14 common frames omitted
Caused by: java.io.IOException: jsse.alias_no_key_entry
    at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:328) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97) ~[tomcat-embed-core-9.0.33.jar:9.0.33]
    ... 20 common frames omitted

我在 Google 上搜索了解决方案，但我发现的教程始终是关于自签名证书的。我可以在 localhost 上测试受信任的 CA，还是只适合在线网站？谢谢。

【问题讨论】：

更合乎逻辑的解释是你只是忘了导入一些东西；例如私钥。证书是否签名与主机完全无关。
我从 namecheap 下载了一个文件夹，听到的是我在里面看到的内容： www_centregracefoi_com.ca-bundle www_centregracefoi_com.crt www_centregracefoi_com.p7b 我在哪里可以找到私钥？
..这个问题与this非常重复...它没有可接受的答案，但仍然可能有帮助-/有见地。
使用您的公共 IP 地址将您的主机添加到 /etc/hosts 文件中。完成测试后，不要忘记再次从主机文件中删除该条目。

标签： java spring-boot ssl crt

【解决方案1】：

域证书在本地主机上不起作用。尝试使用 mkcert 为 localhost 生成证书。它创建一个 CA 并将其安装在系统信任存储中。

$ mkcert -install
Created a new local CA at "/home/amos/.local/share/mkcert" ?
The local CA is now installed in the system trust store! ⚡️
The local CA is now installed in the Firefox and/or Chrome/Chromium trust store (requires browser restart)! ?

$ sudo mkcert example.com '*.example.com' localhost 127.0.0.1 ::1
Using the local CA at "/home/amos/.local/share/mkcert" ✨

Created a new certificate valid for the following names ?
 - "example.com"
 - "*.example.com"
 - "localhost"
 - "127.0.0.1"
 - "::1"

The certificate is at "./example.com+4.pem" and the key at "./example.com+4-key.pem" ✅

【讨论】：