我需要在 https 上使用 Spring Boot 应用程序。我有一个letsencrypt签名的 key 。我将此证书转换为 PKCS12,如下所示:
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname root
我将此 keystore 文件复制到资源目录,这是配置部分:
require-ssl: true
server:
port: 8443
ssl:
key-store-type: PKCS12
key-store: classpath:keystore.p12
key-store-password: xxxxx
key-alias: tomcat
如果我检查这个 keystore ,我得到了这个:
keytool -list -keystore keystore.p12
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
tomcat, May 15, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA-256):
当我启动我的应用程序时:
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=111, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:599)
at sun.security.util.DerValue.init(DerValue.java:391)
at sun.security.util.DerValue.<init>(DerValue.java:332)
at sun.security.util.DerValue.<init>(DerValue.java:345)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1938)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:449)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:353)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:606)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:546)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:371)
at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:763)
at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:491)
at org.apache.catalina.connector.Connector.startInternal(Connector.java:986)
我需要配置任何其他吗?
谢谢,
扎梅克
最佳答案
发现问题了,我的pom.xml里面有个资源过滤插件破坏了key文件。我不得不从资源过滤器插件中排除 key 文件。
关于spring boot https PKCS12 DerInputStream.getLength() : lengthTag=111, 太大,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56148884/