- 為Eureka Client生成證書
client:keytool -genkeypair -alias client -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore client.p12 -validity 3650
Eureka Client證書的密碼設定的是:client輸入密鑰庫密碼: 再次輸入新密碼: 您的名字與姓氏是什麼? [Unknown]: 您的組織機關名稱是什麼? [Unknown]: 您的組織名稱是什麼? [Unknown]: 您所在的城市或區域名稱是什麼? [Unknown]: 您所在的省/市/自治區名稱是什麼? [Unknown]: 該機關的雙字母國家/地區代碼是什麼? [Unknown]: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown是否正确? [否]: y - 為Eureka Serveer生成證書
keytool -genkeypair -alias server -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore server.p12 -validity 3650輸入密鑰庫密碼: 再次輸入新密碼: 您的名字與姓氏是什麼? [Unknown]: 您的組織機關名稱是什麼? [Unknown]: 您的組織名稱是什麼? [Unknown]: 您所在的城市或區域名稱是什麼? [Unknown]: 您所在的省/市/自治區名稱是什麼? [Unknown]: 該機關的雙字母國家/地區代碼是什麼? [Unknown]: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown是否正确? [否]: yEureka Client證書的密碼設定的是:server
經過上面兩個操作之後,目前目錄下會生成兩個.p12檔案,分别是client.p12和server.p12。
- 下面分别導出兩個p12證書,如下:
keytool -export -alias client -file client.crt --keystore client.p12輸入密鑰庫密碼: 存儲在檔案 <client.crt> 中的證書keytool -export -alias server -file server.crt --keystore server.p12輸入密鑰庫密碼: 存儲在檔案 <server.crt> 中的證書 - 接下來,将server.crt檔案導入client.p12中,使client端信任server的證書
keytool -import -alias server -file server.crt -keystore client.p12輸入密鑰庫密碼: 所有者: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown 釋出者: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown 序列号: 1835fea4 有效期開始日期: Wed Aug 21 11:37:51 CST 2019, 截止日期: Sat Aug 18 11:37:51 CST 2029 證書指紋: MD5: 6E:4B:26:19:44:DD:1A:F2:DE:F8:B8:25:A0:17:28:DA SHA1: 87:5C:4F:84:6B:D6:E5:6D:4E:1C:61:B6:87:99:1E:AD:85:6F:31:75 SHA256: E4:47:2B:F5:D2:73:0E:81:64:B7:0F:A1:0A:99:B4:41:8F:D9:A3:5A:E4:15:7C:58:36:00:B5:E9:AF:8F:81:23 簽名算法名稱: SHA256withRSA 版本: 3 擴充: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 19 48 C8 13 BB 25 DE FF 9B 72 9F EC B0 D4 6C 91 .H...%...r....l. 0010: 2F F5 B2 14 /... ] ] 是否信任此證書? [否]: y 證書已添加到密鑰庫中這裡輸入client.p12的密碼:client。
将client.crt檔案導入server.p12中,使server端信任client的證書
keytool -import -alias client -file client.crt -keystore server.p12
這裡輸入server.p12的密碼:server。輸入密鑰庫密碼: 所有者: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown 釋出者: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown 序列号: 6e0b1e14 有效期開始日期: Wed Aug 21 11:39:23 CST 2019, 截止日期: Sat Aug 18 11:39:23 CST 2029 證書指紋: MD5: C3:75:BC:D1:01:21:E0:E1:EA:C7:88:D0:BD:2C:3B:D3 SHA1: 7E:58:1C:86:5F:28:B0:6F:69:A2:47:E6:32:3D:B6:8A:32:20:34:4E SHA256: C2:97:D0:68:DF:32:E2:CC:C0:7D:23:74:89:E3:37:EC:92:DB:41:6B:EE:13:C0:D7:5A:D0:C9:45:F1:86:CB:C1 簽名算法名稱: SHA256withRSA 版本: 3 擴充: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: E8 48 CB CB 3A E9 96 B4 03 50 B7 FA 53 8A E3 71 .H..:....P..S..q 0010: FD C3 EB 74 ...t ] ] 是否信任此證書? [否]: y 證書已添加到密鑰庫中 - 建立eureka-server工程,将server.p12檔案放到resources目錄下,并在application.yml下配置如下資訊。
server: port: 8761 ssl: enabled: true key-store: classpath:server.p12 key-alias: server key-store-type: PKCS12 key-store-password: server eureka: instance: hostname: localhost secure-port: 443 secure-port-enabled: true non-secure-port-enabled: false #該執行個體應該接收通信的非安全端口是否啟用,預設為true home-page-url: https://${eureka.instance.hostname}:${server.port}/ status-page-url: https://${eureka.instance.hostname}:${server.port}/ client: fetch-registry: false register-with-eureka: false service-url: defaultZone: https://${eureka.instance.hostname}:${server.port}/eureka server: wait-time-in-ms-when-sync-empty: 0 enable-self-preservation: false啟動eureka-server,通路https://localhost:8761/發現可以使用https進行通路。
建立eureka-client工程,将client.p12檔案放到resources目錄下,并在application.yml下配置如下資訊。
server: port: 8080 eureka: client: securePortEnabled: true ssl: key-store: client.p12 key-store-password: client service-url: defaultZone: https://localhost:8761/eureka spring: application: name: eureka-client我們這裡沒有指定整個應用執行個體啟用HTTPS,僅僅是開啟通路eureka-server的HTTPS配置。通過自定義配置eureka.client.ssl.key-store和eureka.client.ssl.key-store-password兩個屬性,指定eureka-client通路eureka-server的sslContext配置。這裡需要在代碼裡指定DiscoveryClient.DiscoveryClientOptionalArgs。
在eureka-client項目下新增一個配置類EurekaHttpsClientConfig,代碼如下。
上面的代碼還需要httpclient的依賴@Configuration public class EurekaHttpsClientConfig { @Value("${eureka.client.ssl.key-store}") String keyStoreFileName; @Value("${eureka.client.ssl.key-store-password}") String keyStorePassword; @Bean public DiscoveryClient.DiscoveryClientOptionalArgs discoveryClientOptionalArgs() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException { EurekaJerseyClientImpl.EurekaJerseyClientBuilder builder = new EurekaJerseyClientImpl.EurekaJerseyClientBuilder(); builder.withClientName("eureka-https-client"); SSLContext sslContext = new SSLContextBuilder() .loadTrustMaterial( this.getClass().getClassLoader().getResource(keyStoreFileName),keyStorePassword.toCharArray() ) .build(); builder.withCustomSSL(sslContext); builder.withMaxTotalConnections(10); builder.withMaxConnectionsPerHost(10); DiscoveryClient.DiscoveryClientOptionalArgs args = new DiscoveryClient.DiscoveryClientOptionalArgs(); args.setEurekaJerseyClient(builder.build()); return args; } }
啟動eureka-client,發現eureka-client已經成功注冊到eureka-server上了。<dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> <version>4.5.5</version> </dependency>
轉載于:https://www.cnblogs.com/junzhao/p/11394702.html
![Java小案例——随機數猜測随機數猜測[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)