[关闭]
@wuxin1994 2019-06-04T17:38:27.000000Z 字数 12052 阅读 1053

zuul https解析

JAVA

https://blog.csdn.net/johntsu2006/article/details/80723726

关于https:
https://blog.csdn.net/ly131420/article/details/38400583

  1. D:\OpenSSL-Win64\bin>dir
  2.  驱动器 D 中的卷是 App
  3.  卷的序列号是 C67B-0BC3
  5.  D:\OpenSSL-Win64\bin 的目录
  7. 2019/06/04  15:08    <DIR>          .
  8. 2019/06/04  15:08    <DIR>          ..
  9. 2019/05/28  22:36             7,813 CA.pl
  10. 2019/05/28  22:36            69,120 capi.dll
  11. 2019/05/28  22:36            44,544 dasync.dll
  12. 2019/06/04  15:08             2,527 keystore.p12
  13. 2019/05/28  22:36         3,407,360 libcrypto-1_1-x64.dll
  14. 2019/05/28  22:36           681,472 libssl-1_1-x64.dll
  15. 2019/05/28  22:36           542,720 openssl.exe
  16. 2019/05/28  22:36            44,032 ossltest.dll
  17. 2019/05/28  22:36            39,936 padlock.dll
  18. 2019/05/31  16:01    <DIR>          PEM
  19. 2019/05/28  22:36             5,562 progs.pl
  20. 2019/05/28  22:36             6,779 tsget.pl
  21.               11 个文件      4,851,865 字节
  22.                3 个目录 379,711,356,928 可用字节
  24. D:\OpenSSL-Win64\bin>dir
  25.  驱动器 D 中的卷是 App
  26.  卷的序列号是 C67B-0BC3
  28.  D:\OpenSSL-Win64\bin 的目录
  30. 2019/06/04  15:15    <DIR>          .
  31. 2019/06/04  15:15    <DIR>          ..
  32. 2019/05/28  22:36             7,813 CA.pl
  33. 2019/05/28  22:36            69,120 capi.dll
  34. 2019/05/28  22:36            44,544 dasync.dll
  35. 2019/05/28  22:36         3,407,360 libcrypto-1_1-x64.dll
  36. 2019/05/28  22:36           681,472 libssl-1_1-x64.dll
  37. 2019/05/28  22:36           542,720 openssl.exe
  38. 2019/05/28  22:36            44,032 ossltest.dll
  39. 2019/05/28  22:36            39,936 padlock.dll
  40. 2019/05/31  16:01    <DIR>          PEM
  41. 2019/05/28  22:36             5,562 progs.pl
  42. 2019/05/28  22:36             6,779 tsget.pl
  43.               10 个文件      4,849,338 字节
  44.                3 个目录 379,711,348,736 可用字节
  46. D:\OpenSSL-Win64\bin>openssl genrsa -out server.pem
  47. Generating RSA private key, 2048 bit long modulus (2 primes)
  48. ...+++++
  49. ................................................+++++
  50. e is 65537 (0x010001)
  52. D:\OpenSSL-Win64\bin>openssl req -x509 -new -key server.pem -out server.crt
  53. You are about to be asked to enter information that will be incorporated
  54. into your certificate request.
  55. What you are about to enter is what is called a Distinguished Name or a DN.
  56. There are quite a few fields but you can leave some blank
  57. For some fields there will be a default value,
  58. If you enter '.', the field will be left blank.
  59. -----
  60. Country Name (2 letter code) [AU]:CN
  61. State or Province Name (full name) [Some-State]:beijing
  62. Locality Name (eg, city) []:beijing
  63. Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyServer
  64. Organizational Unit Name (eg, section) []:MySever
  65. Common Name (e.g. server FQDN or YOUR name) []:www.baidu.com
  66. Email Address []:
  68. D:\OpenSSL-Win64\bin>openssl genrsa -out htx-server.pem
  69. Generating RSA private key, 2048 bit long modulus (2 primes)
  70. ...................................................+++++
  71. ........+++++
  72. e is 65537 (0x010001)
  74. D:\OpenSSL-Win64\bin>openssl req -new -key htx-server.pem -out htx-server.csr
  75. You are about to be asked to enter information that will be incorporated
  76. into your certificate request.
  77. What you are about to enter is what is called a Distinguished Name or a DN.
  78. There are quite a few fields but you can leave some blank
  79. For some fields there will be a default value,
  80. If you enter '.', the field will be left blank.
  81. -----
  82. Country Name (2 letter code) [AU]:CN
  83. State or Province Name (full name) [Some-State]:beijing
  84. Locality Name (eg, city) []:beijing
  85. Organization Name (eg, company) [Internet Widgits Pty Ltd]:MySever2
  86. Organizational Unit Name (eg, section) []:Mysever2
  87. Common Name (e.g. server FQDN or YOUR name) []:www.baidu.com
  88. Email Address []:
  90. Please enter the following 'extra' attributes
  91. to be sent with your certificate request
  92. A challenge password []:
  93. An optional company name []:
  95. D:\OpenSSL-Win64\bin>openssl x509 -req -in htx-server.csr -CA server.crt -CAkey server.pem -CAcreateserial -days 3650 -out htx-server.crt
  96. Signature ok
  97. subject=C = CN, ST = beijing, L = beijing, O = MySever2, OU = Mysever2, CN = www.baidu.com
  98. Getting CA Private Key
  100. D:\OpenSSL-Win64\bin>keytool -importkeystore -srckeystore htx-server.p12 -destkeystore htx-server.jks -srcstoretype pkcs12
  101. 正在将密钥库 htx-server.p12 导入到 htx-server.jks...
  102. 输入目标密钥库口令:
  103. 再次输入新口令:
  104. 它们不匹配。请重试
  105. 输入目标密钥库口令:
  106. 再次输入新口令:
  107. 输入源密钥库口令:
  108. 已成功导入别名 1 的条目。
  109. 已完成导入命令: 1 个条目成功导入, 0 个条目失败或取消
  111. Warning:
  112. JKS 密钥库使用专用格式。建议使用 "keytool -importkeystore -srckeystore htx-server.jks -destkeystore htx-server.jks -deststoretype pkcs12" 迁移到行业标准格式 PKCS12
  114. D:\OpenSSL-Win64\bin>keytool -importcert -keystore htx-server.jks -file server.crt
  115. 输入密钥库口令:
  116. 所有者: CN=www.baidu.com, OU=MySever, O=MyServer, L=beijing, ST=beijing, C=CN
  117. 发布者: CN=www.baidu.com, OU=MySever, O=MyServer, L=beijing, ST=beijing, C=CN
  118. 序列号: 2086ab43ad3a294d722f1b14a0e4a3fa704e5087
  119. 有效期为 Tue Jun 04 15:33:51 CST 2019  Thu Jul 04 15:33:51 CST 2019
  120. 证书指纹:
  121.          MD5:  94:3D:FB:DF:15:27:63:7F:3B:8F:A9:78:A8:A0:48:C0
  122.          SHA1: 67:9D:FC:69:BB:E1:C9:F9:B2:DC:C8:3C:10:73:1C:EF:F0:DE:8C:71
  123.          SHA256: 5F:FB:EC:AE:C0:32:85:BF:3B:39:62:63:BB:F7:26:06:AA:37:67:B8:C9:9F:05:CD:67:23:B2:E0:B6:96:1C:FE
  124. 签名算法名称: SHA256withRSA
  125. 主体公共密钥算法: 2048  RSA 密钥
  126. 版本: 3
  128. 扩展:
  130. #1: ObjectId: 2.5.29.35 Criticality=false
  131. AuthorityKeyIdentifier [
  132. KeyIdentifier [
  133. 0000: 2A BC AE CE DB E9 7A F2   56 FC 1A B2 8D 22 AF 9D  *.....z.V...."..
  134. 0010: B5 04 47 CB                                        ..G.
  135. ]
  136. ]
  138. #2: ObjectId: 2.5.29.19 Criticality=true
  139. BasicConstraints:[
  140.   CA:true
  141.   PathLen:2147483647
  142. ]
  144. #3: ObjectId: 2.5.29.14 Criticality=false
  145. SubjectKeyIdentifier [
  146. KeyIdentifier [
  147. 0000: 2A BC AE CE DB E9 7A F2   56 FC 1A B2 8D 22 AF 9D  *.....z.V...."..
  148. 0010: B5 04 47 CB                                        ..G.
  149. ]
  150. ]
  152. 是否信任此证书? [否]:  y
  153. 证书已添加到密钥库中
  155. Warning:
  156. JKS 密钥库使用专用格式。建议使用 "keytool -importkeystore -srckeystore htx-server.jks -destkeystore htx-server.jks -deststoretype pkcs12" 迁移到行业标准格式 PKCS12
  158. D:\OpenSSL-Win64\bin>

https://blog.csdn.net/johntsu2006/article/details/80723726

  1. D:\OpenSSL-Win64\bin>openssl genrsa -out server.key 2048                                    Z
  2. Generating RSA private key, 2048 bit long modulus (2 primes)
  3. .........................................+++++
  4. ......+++++
  5. e is 65537 (0x010001)
  7. D:\OpenSSL-Win64\bin>openssl rsa -in server.key -pubout -out server.pem
  8. writing RSA key
  10. D:\OpenSSL-Win64\bin>openssl genrsa -out client.key 2048
  11. Generating RSA private key, 2048 bit long modulus (2 primes)
  12. ................................................................+++++
  13. .+++++
  14. e is 65537 (0x010001)
  16. D:\OpenSSL-Win64\bin>openssl rsa -in client.key -pubout -out client.pem
  17. writing RSA key
  19. D:\OpenSSL-Win64\bin>openssl genrsa -out ca.key 2048
  20. Generating RSA private key, 2048 bit long modulus (2 primes)
  21. ......+++++
  22. ...............................+++++
  23. e is 65537 (0x010001)
  25. D:\OpenSSL-Win64\bin>openssl req -new -key ca.key -out ca.csr
  26. You are about to be asked to enter information that will be incorporated
  27. into your certificate request.
  28. What you are about to enter is what is called a Distinguished Name or a DN.
  29. There are quite a few fields but you can leave some blank
  30. For some fields there will be a default value,
  31. If you enter '.', the field will be left blank.
  32. -----
  33. Country Name (2 letter code) [AU]:CN
  34. State or Province Name (full name) [Some-State]:beijing
  35. Locality Name (eg, city) []:beijing
  36. Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCA
  37. Organizational Unit Name (eg, section) []:MyCA
  38. Common Name (e.g. server FQDN or YOUR name) []:www.baidu.com
  39. Email Address []:
  41. Please enter the following 'extra' attributes
  42. to be sent with your certificate request
  43. A challenge password []:
  44. An optional company name []:
  46. D:\OpenSSL-Win64\bin>openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt
  47. Signature ok
  48. subject=C = CN, ST = beijing, L = beijing, O = MyCA, OU = MyCA, CN = www.baidu.com
  49. Getting Private key
  51. D:\OpenSSL-Win64\bin>openssl req -new -key server.key -out server.csr
  52. You are about to be asked to enter information that will be incorporated
  53. into your certificate request.
  54. What you are about to enter is what is called a Distinguished Name or a DN.
  55. There are quite a few fields but you can leave some blank
  56. For some fields there will be a default value,
  57. If you enter '.', the field will be left blank.
  58. -----
  59. Country Name (2 letter code) [AU]:CN
  60. State or Province Name (full name) [Some-State]:beijing
  61. Locality Name (eg, city) []:beijing
  62. Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyServer
  63. Organizational Unit Name (eg, section) []:MyServer
  64. Common Name (e.g. server FQDN or YOUR name) []:www.baidu.com
  65. Email Address []:
  67. Please enter the following 'extra' attributes
  68. to be sent with your certificate request
  69. A challenge password []:
  70. An optional company name []:
  72. D:\OpenSSL-Win64\bin>openssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial -in server.csr -out server.crt
  73. Signature ok
  74. subject=C = CN, ST = beijing, L = beijing, O = MyServer, OU = MyServer, CN = www.baidu.com
  75. Getting CA Private Key
  77. D:\OpenSSL-Win64\bin>openssl req -new -key client.key -out client.csr
  78. You are about to be asked to enter information that will be incorporated
  79. into your certificate request.
  80. What you are about to enter is what is called a Distinguished Name or a DN.
  81. There are quite a few fields but you can leave some blank
  82. For some fields there will be a default value,
  83. If you enter '.', the field will be left blank.
  84. -----
  85. Country Name (2 letter code) [AU]:CN
  86. State or Province Name (full name) [Some-State]:beijing
  87. Locality Name (eg, city) []:beijing
  88. Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyClient
  89. Organizational Unit Name (eg, section) []:Myclient
  90. Common Name (e.g. server FQDN or YOUR name) []:www.baidu.com
  91. Email Address []:
  93. Please enter the following 'extra' attributes
  94. to be sent with your certificate request
  95. A challenge password []:
  96. An optional company name []:
  98. D:\OpenSSL-Win64\bin>openssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial -in client.csr -out client.crt
  99. Signature ok
  100. subject=C = CN, ST = beijing, L = beijing, O = MyClient, OU = Myclient, CN = www.baidu.com
  101. Getting CA Private Key
  103. D:\OpenSSL-Win64\bin>dir
  104.  驱动器 D 中的卷是 App
  105.  卷的序列号是 C67B-0BC3
  107.  D:\OpenSSL-Win64\bin 的目录
  109. 2019/06/04  14:29    <DIR>          .
  110. 2019/06/04  14:29    <DIR>          ..
  111. 2019/06/04  14:27             1,236 ca.crt
  112. 2019/06/04  14:27             1,022 ca.csr
  113. 2019/06/04  14:25             1,706 ca.key
  114. 2019/05/28  22:36             7,813 CA.pl
  115. 2019/06/04  14:29                42 ca.srl
  116. 2019/05/28  22:36            69,120 capi.dll
  117. 2019/06/04  14:29             1,250 client.crt
  118. 2019/06/04  14:28             1,030 client.csr
  119. 2019/06/04  14:25             1,702 client.key
  120. 2019/06/04  14:25               460 client.pem
  121. 2019/05/28  22:36            44,544 dasync.dll
  122. 2019/05/28  22:36         3,407,360 libcrypto-1_1-x64.dll
  123. 2019/05/28  22:36           681,472 libssl-1_1-x64.dll
  124. 2019/05/28  22:36           542,720 openssl.exe
  125. 2019/05/28  22:36            44,032 ossltest.dll
  126. 2019/05/28  22:36            39,936 padlock.dll
  127. 2019/05/31  16:01    <DIR>          PEM
  128. 2019/05/28  22:36             5,562 progs.pl
  129. 2019/06/04  14:28             1,250 server.crt
  130. 2019/06/04  14:28             1,030 server.csr
  131. 2019/06/04  14:24             1,706 server.key
  132. 2019/06/04  14:25               460 server.pem
  133. 2019/05/28  22:36             6,779 tsget.pl
  134.               22 个文件      4,862,232 字节
  135.                3 个目录 379,711,369,216 可用字节

报错:

  1. org.apache.catalina.LifecycleException: Protocol handler start failed
  2.     at org.apache.catalina.connector.Connector.startInternal(Connector.java:1008) ~[tomcat-embed-core-9.0.19.jar:9.0.19]
  3.     at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.19.jar:9.0.19]
  4.     at org.apache.catalina.core.StandardService.addConnector(StandardService.java:226) [tomcat-embed-core-9.0.19.jar:9.0.19]
  5.     at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:259) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
  6.     at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
  7.     at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:311) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
  8.     at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:164) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
  9.     at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:552) [spring-context-5.1.7.RELEASE.jar:5.1.7.RELEASE]
  10.     at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:142) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
  11.     at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:775) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
  12.     at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
  13.     at org.springframework.boot.SpringApplication.run(SpringApplication.java:316) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
  14.     at org.springframework.boot.SpringApplication.run(SpringApplication.java:1260) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
  15.     at org.springframework.boot.SpringApplication.run(SpringApplication.java:1248) [spring-boot-2.1.5.RELEASE.jar:2.1.5.RELEASE]
  16.     at com.jdcloud.httpszuul.HttpszuulApplication.main(HttpszuulApplication.java:15) [classes/:na]
  17. Caused by: java.lang.IllegalArgumentException: No SSLHostConfig element was found with the hostName [_default_] to match the defaultSSLHostConfigName for the connector [https-jsse-nio-8443]
  18.     at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:76) ~[tomcat-embed-core-9.0.19.jar:9.0.19]
  19.     at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:227) ~[tomcat-embed-core-9.0.19.jar:9.0.19]
  20.     at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1116) ~[tomcat-embed-core-9.0.19.jar:9.0.19]
  21.     at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1202) ~[tomcat-embed-core-9.0.19.jar:9.0.19]
  22.     at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:568) ~[tomcat-embed-core-9.0.19.jar:9.0.19]
  23.     at org.apache.catalina.connector.Connector.startInternal(Connector.java:1005) ~[tomcat-embed-core-9.0.19.jar:9.0.19]
  24.     ... 14 common frames omitted

导入证书

添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注