0 votes
4.2k views
in Technique by (71.8m points)

After enabling HTTPS in Spring Boot, the project can be accessed successfully the first time after startup, but after closing the browser and accessing it again an error is reported

Following material I found online, I used keytool to generate a p12 certificate and added it to the project. After that the project starts normally and can be accessed on http:8080 and https:443.
But after a while, or after restarting the browser, the https:443 port can no longer be accessed.

Chrome shows ERR_SSL_PROTOCOL_ERROR

Backend error:

[https-jsse-nio-8443-exec-10][NioEndpoint] 
java.lang.NullPointerException: null
    at org.bouncycastle.crypto.signers.PSSSigner.generateSignature(Unknown Source)
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.PSSSignatureSpi.engineSign(Unknown Source)
    at java.security.Signature$Delegate.engineSign(Signature.java:1382)
    at java.security.Signature.sign(Signature.java:698)
    at sun.security.ssl.CertificateVerify$T13CertificateVerifyMessage.<init>(CertificateVerify.java:931)
    at sun.security.ssl.CertificateVerify$T13CertificateVerifyProducer.onProduceCertificateVerify(CertificateVerify.java:1105)
    at sun.security.ssl.CertificateVerify$T13CertificateVerifyProducer.produce(CertificateVerify.java:1098)
    at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:420)
    at sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1096)
    at sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1032)
    at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:716)
    at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:683)
    at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376)
    at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
    at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:983)
    at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:970)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:917)
    at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:423)
    at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:483)
    at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1475)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)

My configuration files are as follows.
application.properties:

server.port=443
server.ssl.key-store=classpath:keystore.p12
server.ssl.key-store-password=123456
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=michael

HttpConfig:

import org.apache.catalina.connector.Connector;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class TomcatHttpConfig {

    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
        // Add a plain HTTP connector next to the HTTPS connector configured in application.properties
        tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
        return tomcat;
    }

    private Connector initiateHttpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(8080);
        connector.setSecure(false);
        // Requests that require a secure channel are redirected to the HTTPS port
        connector.setRedirectPort(443);
        return connector;
    }
}

keytool command:

keytool -genkey -alias michael -dname "CN=Michael,OU=test,O=test,L=test,ST=test,C=CN" -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 365

He who fights with dragons too long becomes a dragon himself; gaze too long into the abyss, and the abyss gazes back...
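The stack trace above fails inside Signature.sign() while the JDK builds the TLS 1.3 CertificateVerify message, and the signing is being performed by a BouncyCastle RSASSA-PSS implementation rather than the JDK's own. The following diagnostic is an added example, not code from the original post: it loads the same PKCS12 keystore outside Tomcat, prints the installed provider order, and performs one RSASSA-PSS signature with the parameters TLS 1.3 uses for rsa_pss_rsae_sha256 (SHA-256, MGF1/SHA-256, 32-byte salt), then verifies it against the certificate. The keystore path, password and alias are assumed to be the ones from the question's application.properties, and a JDK 11 or later is assumed (RSASSA-PSS in SunRsaSign).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

/**
 * Added diagnostic (not part of the original post): reproduces, outside Tomcat,
 * the RSASSA-PSS signing step that the stack trace shows failing inside
 * CertificateVerify for TLS 1.3. If the same NullPointerException appears here,
 * the problem lies in the key/provider combination, not in Tomcat or Spring Boot.
 */
public class PssKeystoreCheck {

    // Assumed values: taken from the question's application.properties.
    private static final String KEYSTORE_PATH = "keystore.p12";
    private static final char[] PASSWORD = "123456".toCharArray();
    private static final String ALIAS = "michael";

    // The parameter set TLS 1.3 uses for rsa_pss_rsae_sha256.
    private static final PSSParameterSpec TLS13_PSS =
            new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32,
                    PSSParameterSpec.TRAILER_FIELD_BC);

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : KEYSTORE_PATH;

        // 1. Provider order: the JSSE picks the first provider that offers RSASSA-PSS,
        //    so a third-party provider registered ahead of SunRsaSign will be the one
        //    signing CertificateVerify.
        for (Provider p : Security.getProviders()) {
            System.out.println("provider: " + p.getName() + " " + p.getVersionStr());
        }

        // 2. Load the PKCS12 keystore and fetch the key under the configured alias.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, PASSWORD);
        }
        PrivateKey key = (PrivateKey) ks.getKey(ALIAS, PASSWORD);
        if (key == null) {
            throw new IllegalStateException("no private key under alias '" + ALIAS + "'");
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(ALIAS);
        // The key's implementation class reveals which provider produced it.
        System.out.println("key: " + key.getAlgorithm() + " (" + key.getClass().getName() + ")");
        System.out.println("cert subject: " + cert.getSubjectX500Principal());

        // 3. Sign a constructed message exactly as the TLS 1.3 handshake would.
        byte[] message = "constructed test message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("RSASSA-PSS");
        signer.setParameter(TLS13_PSS);
        signer.initSign(key);
        signer.update(message);
        byte[] sig = signer.sign();
        System.out.println("signed by provider " + signer.getProvider().getName()
                + ", " + sig.length + " bytes");

        // 4. Verify against the certificate's public key so a silently wrong
        //    signature (not just an exception) is also caught.
        Signature verifier = Signature.getInstance("RSASSA-PSS");
        verifier.setParameter(TLS13_PSS);
        verifier.initVerify(cert.getPublicKey());
        verifier.update(message);
        System.out.println("signature verifies: " + verifier.verify(sig));
    }
}
```

Run it with the same JVM, classpath and provider configuration the application uses (`java -cp <app classpath> PssKeystoreCheck keystore.p12`), since the provider list printed in step 1 is what determines which implementation the handshake ends up calling.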

1 Answer

0 votes
by (71.8m points)

Why configure HTTPS inside the project? I recommend configuring it in NGINX instead.

server {
    # SSL access port is 443
    listen 443 ssl;
    # Fill in the domain name the certificate is bound to
    server_name cloud.tencent.com;
    # Certificate file name
    ssl_certificate 1_cloud.tencent.com_bundle.crt;
    # Private key file name
    ssl_certificate_key 2_cloud.tencent.com.key;
    ssl_session_timeout 5m;
    # Configure the protocols as follows
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Configure the cipher suites as follows; the syntax follows the openssl standard.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    location / {
        # Site root path. This path is only for reference; adjust it to your actual directory.
        root /var/www/cloud.tencent.com;
        index index.html index.htm;
    }
}

Reference:
https://cloud.tencent.com/doc...

