@wuxin1994 2019-06-04T09:38:27.000000Z Words: 12052 Views: 113

Zuul HTTPS analysis

JAVA


https://blog.csdn.net/johntsu2006/article/details/80723726

About HTTPS:
https://blog.csdn.net/ly131420/article/details/38400583

    D:\OpenSSL-Win64\bin>dir
    驱动器 D 中的卷是 App
    卷的序列号是 C67B-0BC3
    D:\OpenSSL-Win64\bin 的目录
    2019/06/04 15:08 <DIR> .
    2019/06/04 15:08 <DIR> ..
    2019/05/28 22:36 7,813 CA.pl
    2019/05/28 22:36 69,120 capi.dll
    2019/05/28 22:36 44,544 dasync.dll
    2019/06/04 15:08 2,527 keystore.p12
    2019/05/28 22:36 3,407,360 libcrypto-1_1-x64.dll
    2019/05/28 22:36 681,472 libssl-1_1-x64.dll
    2019/05/28 22:36 542,720 openssl.exe
    2019/05/28 22:36 44,032 ossltest.dll
    2019/05/28 22:36 39,936 padlock.dll
    2019/05/31 16:01 <DIR> PEM
    2019/05/28 22:36 5,562 progs.pl
    2019/05/28 22:36 6,779 tsget.pl
    11 个文件 4,851,865 字节
    3 个目录 379,711,356,928 可用字节
    D:\OpenSSL-Win64\bin>dir
    驱动器 D 中的卷是 App
    卷的序列号是 C67B-0BC3
    D:\OpenSSL-Win64\bin 的目录
    2019/06/04 15:15 <DIR> .
    2019/06/04 15:15 <DIR> ..
    2019/05/28 22:36 7,813 CA.pl
    2019/05/28 22:36 69,120 capi.dll
    2019/05/28 22:36 44,544 dasync.dll
    2019/05/28 22:36 3,407,360 libcrypto-1_1-x64.dll
    2019/05/28 22:36 681,472 libssl-1_1-x64.dll
    2019/05/28 22:36 542,720 openssl.exe
    2019/05/28 22:36 44,032 ossltest.dll
    2019/05/28 22:36 39,936 padlock.dll
    2019/05/31 16:01 <DIR> PEM
    2019/05/28 22:36 5,562 progs.pl
    2019/05/28 22:36 6,779 tsget.pl
    10 个文件 4,849,338 字节
    3 个目录 379,711,348,736 可用字节
    D:\OpenSSL-Win64\bin>openssl genrsa -out server.pem
    Generating RSA private key, 2048 bit long modulus (2 primes)
    ...+++++
    ................................................+++++
    e is 65537 (0x010001)
    D:\OpenSSL-Win64\bin>openssl req -x509 -new -key server.pem -out server.crt
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]:beijing
    Locality Name (eg, city) []:beijing
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyServer
    Organizational Unit Name (eg, section) []:MySever
    Common Name (e.g. server FQDN or YOUR name) []:www.baidu.com
    Email Address []:
    D:\OpenSSL-Win64\bin>openssl genrsa -out htx-server.pem
    Generating RSA private key, 2048 bit long modulus (2 primes)
    ...................................................+++++
    ........+++++
    e is 65537 (0x010001)
    D:\OpenSSL-Win64\bin>openssl req -new -key htx-server.pem -out htx-server.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]:beijing
    Locality Name (eg, city) []:beijing
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySever2
    Organizational Unit Name (eg, section) []:Mysever2
    Common Name (e.g. server FQDN or YOUR name) []:www.baidu.com
    Email Address []:
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    D:\OpenSSL-Win64\bin>openssl x509 -req -in htx-server.csr -CA server.crt -CAkey server.pem -CAcreateserial -days 3650 -out htx-server.crt
    Signature ok
    subject=C = CN, ST = beijing, L = beijing, O = MySever2, OU = Mysever2, CN = www.baidu.com
    Getting CA Private Key
    D:\OpenSSL-Win64\bin>keytool -importkeystore -srckeystore htx-server.p12 -destkeystore htx-server.jks -srcstoretype pkcs12
    正在将密钥库 htx-server.p12 导入到 htx-server.jks...
    输入目标密钥库口令:
    再次输入新口令:
    它们不匹配。请重试
    输入目标密钥库口令:
    再次输入新口令:
    输入源密钥库口令:
    已成功导入别名 1 的条目。
    已完成导入命令: 1 个条目成功导入, 0 个条目失败或取消
    Warning:
    JKS 密钥库使用专用格式。建议使用 "keytool -importkeystore -srckeystore htx-server.jks -destkeystore htx-server.jks -deststoretype pkcs12" 迁移到行业标准格式 PKCS12
    D:\OpenSSL-Win64\bin>keytool -importcert -keystore htx-server.jks -file server.crt
    输入密钥库口令:
    所有者: CN=www.baidu.com, OU=MySever, O=MyServer, L=beijing, ST=beijing, C=CN
    发布者: CN=www.baidu.com, OU=MySever, O=MyServer, L=beijing, ST=beijing, C=CN
    序列号: 2086ab43ad3a294d722f1b14a0e4a3fa704e5087
    有效期为 Tue Jun 04 15:33:51 CST 2019 Thu Jul 04 15:33:51 CST 2019
    证书指纹:
    MD5: 94:3D:FB:DF:15:27:63:7F:3B:8F:A9:78:A8:A0:48:C0
    SHA1: 67:9D:FC:69:BB:E1:C9:F9:B2:DC:C8:3C:10:73:1C:EF:F0:DE:8C:71
    SHA256: 5F:FB:EC:AE:C0:32:85:BF:3B:39:62:63:BB:F7:26:06:AA:37:67:B8:C9:9F:05:CD:67:23:B2:E0:B6:96:1C:FE
    签名算法名称: SHA256withRSA
    主体公共密钥算法: 2048 RSA 密钥
    版本: 3
    扩展:
    #1: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 2A BC AE CE DB E9 7A F2 56 FC 1A B2 8D 22 AF 9D *.....z.V...."..
    0010: B5 04 47 CB ..G.
    ]
    ]
    #2: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    ]
    #3: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 2A BC AE CE DB E9 7A F2 56 FC 1A B2 8D 22 AF 9D *.....z.V...."..
    0010: B5 04 47 CB ..G.
    ]
    ]
    是否信任此证书? [否]: y
    证书已添加到密钥库中
    Warning:
    JKS 密钥库使用专用格式。建议使用 "keytool -importkeystore -srckeystore htx-server.jks -destkeystore htx-server.jks -deststoretype pkcs12" 迁移到行业标准格式 PKCS12
    D:\OpenSSL-Win64\bin>

https://blog.csdn.net/johntsu2006/article/details/80723726

    D:\OpenSSL-Win64\bin>openssl genrsa -out server.key 2048
    Generating RSA private key, 2048 bit long modulus (2 primes)
    .........................................+++++
    ......+++++
    e is 65537 (0x010001)
    D:\OpenSSL-Win64\bin>openssl rsa -in server.key -pubout -out server.pem
    writing RSA key
    D:\OpenSSL-Win64\bin>openssl genrsa -out client.key 2048
    Generating RSA private key, 2048 bit long modulus (2 primes)
    ................................................................+++++
    .+++++
    e is 65537 (0x010001)
    D:\OpenSSL-Win64\bin>openssl rsa -in client.key -pubout -out client.pem
    writing RSA key
    D:\OpenSSL-Win64\bin>openssl genrsa -out ca.key 2048
    Generating RSA private key, 2048 bit long modulus (2 primes)
    ......+++++
    ...............................+++++
    e is 65537 (0x010001)
    D:\OpenSSL-Win64\bin>openssl req -new -key ca.key -out ca.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]:beijing
    Locality Name (eg, city) []:beijing
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCA
    Organizational Unit Name (eg, section) []:MyCA
    Common Name (e.g. server FQDN or YOUR name) []:www.baidu.com
    Email Address []:
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    D:\OpenSSL-Win64\bin>openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt
    Signature ok
    subject=C = CN, ST = beijing, L = beijing, O = MyCA, OU = MyCA, CN = www.baidu.com
    Getting Private key
    D:\OpenSSL-Win64\bin>openssl req -new -key server.key -out server.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]:beijing
    Locality Name (eg, city) []:beijing
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyServer
    Organizational Unit Name (eg, section) []:MyServer
    Common Name (e.g. server FQDN or YOUR name) []:www.baidu.com
    Email Address []:
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    D:\OpenSSL-Win64\bin>openssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial -in server.csr -out server.crt
    Signature ok
    subject=C = CN, ST = beijing, L = beijing, O = MyServer, OU = MyServer, CN = www.baidu.com
    Getting CA Private Key
    D:\OpenSSL-Win64\bin>openssl req -new -key client.key -out client.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]:beijing
    Locality Name (eg, city) []:beijing
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyClient
    Organizational Unit Name (eg, section) []:Myclient
    Common Name (e.g. server FQDN or YOUR name) []:www.baidu.com
    Email Address []:
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    D:\OpenSSL-Win64\bin>openssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial -in client.csr -out client.crt
    Signature ok
    subject=C = CN, ST = beijing, L = beijing, O = MyClient, OU = Myclient, CN = www.baidu.com
    Getting CA Private Key
    D:\OpenSSL-Win64\bin>dir
    驱动器 D 中的卷是 App
    卷的序列号是 C67B-0BC3
    D:\OpenSSL-Win64\bin 的目录
    2019/06/04 14:29 <DIR> .
    2019/06/04 14:29 <DIR> ..
    2019/06/04 14:27 1,236 ca.crt
    2019/06/04 14:27 1,022 ca.csr
    2019/06/04 14:25 1,706 ca.key
    2019/05/28 22:36 7,813 CA.pl
    2019/06/04 14:29 42 ca.srl
    2019/05/28 22:36 69,120 capi.dll
    2019/06/04 14:29 1,250 client.crt
    2019/06/04 14:28 1,030 client.csr
    2019/06/04 14:25 1,702 client.key
    2019/06/04 14:25 460 client.pem
    2019/05/28 22:36 44,544 dasync.dll
    2019/05/28 22:36 3,407,360 libcrypto-1_1-x64.dll
    2019/05/28 22:36 681,472 libssl-1_1-x64.dll
    2019/05/28 22:36 542,720 openssl.exe
    2019/05/28 22:36 44,032 ossltest.dll
    2019/05/28 22:36 39,936 padlock.dll
    2019/05/31 16:01 <DIR> PEM
    2019/05/28 22:36 5,562 progs.pl
    2019/06/04 14:28 1,250 server.crt
    2019/06/04 14:28 1,030 server.csr
    2019/06/04 14:24 1,706 server.key
    2019/06/04 14:25 460 server.pem
    2019/05/28 22:36 6,779 tsget.pl
    22 个文件 4,862,232 字节
    3 个目录 379,711,369,216 可用字节
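
The certificate steps from the two transcripts above as one non-interactive script; this is an added example, not part of the original notes. It also runs the `openssl pkcs12 -export` step that the first transcript does not show, gives the CA its own subject and the server certificate a subjectAltName, and checks the result. The host name `gateway.example.test`, the subject names, the alias `gateway` and the `P12_PASS` default are constructed.

```sh
#!/bin/sh
# Added example: host name, subjects, alias and default password are constructed.
set -eu
P12_PASS=${P12_PASS:-changeit-demo}; export P12_PASS   # read via env:, not argv

build_chain() {  # $1 = work directory, $2 = DNS name of the server
  d=$1 host=$2
  # CA config: own subject (not the server's CN) and explicit CA extensions
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' 'x509_extensions=v3_ca' \
    '[dn]' 'O=Demo' 'CN=Demo Root CA' \
    '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign,cRLSign' > "$d/ca.cnf"
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$host" > "$d/leaf.ext"
  # Root CA with an explicit lifetime (req -x509 defaults to 30 days)
  openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" -days 365 \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  # Server key and CSR, then a CA-signed leaf that carries the subjectAltName
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/O=Demo/CN=$host" -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 90 -extfile "$d/leaf.ext" -out "$d/server.crt" 2>/dev/null
  # Bundle key + leaf + CA into the PKCS12 file that keytool -importkeystore reads
  openssl pkcs12 -export -inkey "$d/server.key" -in "$d/server.crt" \
    -certfile "$d/ca.crt" -name gateway -passout env:P12_PASS -out "$d/server.p12"
}

chain_ok() {  # leaf chains to the CA and is valid for host name $2
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/server.crt" \
    >/dev/null 2>&1
}

p12_has_key() {  # PKCS12 opens with the password and holds a private key
  openssl pkcs12 -in "$1/server.p12" -passin env:P12_PASS -nodes -nocerts \
    2>/dev/null | grep -q 'PRIVATE KEY'
}

work=$(mktemp -d)
build_chain "$work" gateway.example.test
chain_ok "$work" gateway.example.test && echo "chain + host name: OK"
chain_ok "$work" www.example.test || echo "other host name: rejected"
p12_has_key "$work" && echo "PKCS12 contains the private key"
rm -rf "$work"
```

A `server.p12` built this way is the kind of source file the `keytool -importkeystore ... -srcstoretype pkcs12` command in the first transcript expects.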

Error:

    org.apache.catalina.LifecycleException: Protocol handler start failed
        at org.apache.catalina.connector.Connector.startInternal(Connector.java:1008) ~[tomcat-embed-core-9.0.19.jar:9.0.19]
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.19.jar:9.0.19]
        at org.apache.catalina.core.StandardService.addConnector(StandardService.java:226) [tomcat-embed-core-9.0.19.jar:9.0.19]
        at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:259) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
        at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:311) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:164) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:552) [spring-context-5.1.7.RELEASE.jar:5.1.7.RELEASE]
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:142) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:775) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
        at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:316) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1260) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1248) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
        at com.jdcloud.httpszuul.HttpszuulApplication.main(HttpszuulApplication.java:15) [classes/:na]
    Caused by: java.lang.IllegalArgumentException: No SSLHostConfig element was found with the hostName [_default_] to match the defaultSSLHostConfigName for the connector [https-jsse-nio-8443]
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:76) ~[tomcat-embed-core-9.0.19.jar:9.0.19]
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:227) ~[tomcat-embed-core-9.0.19.jar:9.0.19]
        at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1116) ~[tomcat-embed-core-9.0.19.jar:9.0.19]
        at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1202) ~[tomcat-embed-core-9.0.19.jar:9.0.19]
        at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:568) ~[tomcat-embed-core-9.0.19.jar:9.0.19]
        at org.apache.catalina.connector.Connector.startInternal(Connector.java:1005) ~[tomcat-embed-core-9.0.19.jar:9.0.19]
        ... 14 common frames omitted

Import the certificate
