How do I programmatically configure a self-signed certificate for Tomcat in Spring Boot 3?

4

Earlier examples of how to configure a self-signed certificate in Spring Boot 2.x looked roughly like this:

@Component
public class MyTomcatWebServerFactoryCustomizer implements WebServerFactoryCustomizer<TomcatServletWebServerFactory> {

    @Override
    public void customize(TomcatServletWebServerFactory server) {
        server.addConnectorCustomizers(connector -> {
            Http11NioProtocol proto = (Http11NioProtocol) connector.getProtocolHandler();
            proto.setSSLEnabled(true);
            proto.setKeystoreFile(CERTIFICATE_PATH);
            proto.setKeystorePass(CERTIFICATE_PASSWORD);
            proto.setKeystoreType(KEYSTORE_TYPE);
            proto.setKeyAlias(CERTIFICATE_ALIAS);
        });
    }
}

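Spring Boot 3 upgrades to Tomcat 10, which removed the setKeystoreFile, setKeystorePass, setKeystoreType and setKeyAlias methods from the Http11NioProtocol base class, and I am still struggling to find the correct way to configure these parameters in the new environment. I have done my best to search online, but I still cannot find a replacement.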

1 Answer

3
Try this.
// Runs inside a connector customizer; connector, keystoreType, keystorePassword
// and keyAlias are supplied by the surrounding code.
Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
connector.setScheme("https");
connector.setSecure(true);
protocol.setSSLEnabled(true);

try {
    // Resolve the keystore on the classpath to a URL string.
    ClassPathResource keystoreResource = new ClassPathResource("xxx.jks");
    URL keystoreUrl = keystoreResource.getURL();
    String keystoreLocation = keystoreUrl.toString();

    // The keystore settings are now set on an SSLHostConfigCertificate.
    SSLHostConfig sslHostConfig = new SSLHostConfig();
    SSLHostConfigCertificate sslHostConfigCertificate = new SSLHostConfigCertificate(sslHostConfig, SSLHostConfigCertificate.Type.UNDEFINED);

    sslHostConfigCertificate.setCertificateKeystoreFile(keystoreLocation);
    sslHostConfigCertificate.setCertificateKeystoreType(keystoreType);
    sslHostConfigCertificate.setCertificateKeystorePassword(keystorePassword);
    sslHostConfigCertificate.setCertificateKeyAlias(keyAlias);

    sslHostConfig.addCertificate(sslHostConfigCertificate);
    protocol.addSslHostConfig(sslHostConfig);
}
catch (IOException ex) {
    // Do not swallow the error: an SSL-enabled connector without a certificate must not start silently.
    throw new IllegalStateException("Could not resolve keystore xxx.jks", ex);
}
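
A complete Spring Boot 3 customizer built around the answer's SSLHostConfig approach, as an added example that is not part of the original question or answer: it checks at startup that the keystore opens and that the alias holds a private key, and it reads the password from an environment variable instead of a constant. The class name, keystore.p12, the selfsigned alias and TLS_KEYSTORE_PASSWORD are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.core.io.ClassPathResource;
import org.springframework.stereotype.Component;

@Component
public class SelfSignedTlsCustomizer implements WebServerFactoryCustomizer<TomcatServletWebServerFactory> {
    // Assumed values for illustration; adjust to your own keystore.
    private static final String KEYSTORE = "keystore.p12", TYPE = "PKCS12", ALIAS = "selfsigned";

    @Override
    public void customize(TomcatServletWebServerFactory factory) {
        // Keep the keystore password out of source control (assumed variable name).
        String password = System.getenv("TLS_KEYSTORE_PASSWORD");
        if (password == null) throw new IllegalStateException("TLS_KEYSTORE_PASSWORD is not set");
        ClassPathResource resource = new ClassPathResource(KEYSTORE);
        String location;
        try (InputStream in = resource.getInputStream()) {
            // Pre-flight check: wrong type, password or alias fails here with a clear message.
            KeyStore ks = KeyStore.getInstance(TYPE);
            ks.load(in, password.toCharArray());
            if (!ks.isKeyEntry(ALIAS)) throw new IllegalStateException("No private key under alias " + ALIAS);
            location = resource.getURL().toString();
        } catch (IOException | GeneralSecurityException ex) {
            throw new IllegalStateException("Cannot open keystore " + KEYSTORE, ex);
        }
        factory.addConnectorCustomizers(connector -> {
            SSLHostConfig host = new SSLHostConfig();
            SSLHostConfigCertificate cert = new SSLHostConfigCertificate(host, SSLHostConfigCertificate.Type.UNDEFINED);
            cert.setCertificateKeystoreFile(location);
            cert.setCertificateKeystoreType(TYPE);
            cert.setCertificateKeystorePassword(password);
            cert.setCertificateKeyAlias(ALIAS);
            host.addCertificate(cert);
            Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
            connector.setScheme("https");
            connector.setSecure(true);
            protocol.setSSLEnabled(true);
            protocol.addSslHostConfig(host);
        });
    }
}
```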

Page content provided by Stack Overflow.