SpringGateway网关增加https证书验证

文章目录


前言

设:

网址:bztc.website

网关地址:bztc.website:10086


一、申请证书

申请证书后,会有如下文件:

bztc.website.crt

bztc.website.key

二、转换证书

转换成bztc.website.p12文件。

2.1 设置强密码

密码尽可能复杂。

bash 复制代码
openssl rand -base64 16
# 示例输出:fD8tYjW7k3K2mN8zT4w0ZA==

2.2 转换成.p12文件

在服务器上执行:

bash 复制代码
openssl pkcs12 -export \
  -in bztc.website.crt \
  -inkey bztc.website.key \
  -out bztc.website.p12 \
  -name bztc.website \
  -passout pass:fD8tYjW7k3K2mN8zT4w0ZA==

然后当前目录会生成bztc.website.p12文件:

三、配置gateway网关

配置yaml文件:

yml 复制代码
server:
  ssl:
    key-store: /root/bztc-gateway/cert/bztc.website.p12
    key-store-password: fD8tYjW7k3K2mN8zT4w0ZA==
    key-store-type: PKCS12
spring:
  cloud:
    # 网关配置
    gateway:
      # 微服务名称配置
      discovery:
        locator:
          enabled: true # 设置为true 请求路径前可以添加微服务名称(开启微服务发现功能)
          lower-case-service-id: true # 将请求路径上的服务名配置为小写
      globalcors:
        corsConfigurations:
          '[/**]':
            allowedOrigins:
              - "https://bztc.website"
            allowedMethods:
              - GET
              - POST
            allowedHeaders:
              - "*"
            allowCredentials: true

四、重启网关

五、验证

执行:

bash 复制代码
openssl s_client -connect bztc.website:10086

会输出如下内容:

bash 复制代码
CONNECTED(00000003)
depth=3 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=2 C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication Root R46
verify return:1
depth=1 C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication CA DV R36
verify return:1
depth=0 CN = bztc.website
verify return:1
---
Certificate chain
 0 s:CN = bztc.website
   i:C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication CA DV R36
 1 s:C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication CA DV R36
   i:C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication Root R46
 2 s:C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication Root R46
   i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGhTCCBO2gAwIBAgIQDuUsPcCGslpPkloIAE4f3zANBgkqhkiG9w0BAQsFADBg
..................................................................
MxQfDEuUqQf7FuhtEvxdLAW4exUecNZM+eOIMpWs0Jv51w53AL3e+Ts=
-----END CERTIFICATE-----
subject=CN = bztc.website

issuer=C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication CA DV R36

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5548 bytes and written 394 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    ..............................................................................................................................................................................................................................
    00c0 - ef 43 fb cf 65 ff f3 65-c3 4b 67 c9 06 91 1f 6d   .C..e..e.Kg....m
    00d0 - 20 18 4c 1c 1b 20 0d 78-51 c0 ef 01 cc be a0 1f    .L.. .xQ.......
    00e0 - ab 8e b9 20 1b 55 1b 86-80 ea da 73 19 be ee 8c   ... .U.....s....

    Start Time: 1752073620
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    ..........................................................................................................................................................................................
    00c0 - e5 d8 24 15 be b7 8d 36-97 fb a5 7f 05 71 65 6c   ..$....6.....qel
    00d0 - 1b 1c ac 1a 2f 93 10 d6-09 c9 a9 d0 09 db 49 25   ..../.........I%
    00e0 - d6 bc a3 19 6d 39 1e fd-45 42 bf 22 78 ed cd 00   ....m9..EB."x...

    Start Time: 1752073620
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

最后需保证网关接口可正常访问。


总结

SpringGateway网关增加https证书验证

相关推荐
爱思德学术1 小时前
中国计算机学会(CCF)推荐学术会议-B(计算机体系结构/并行与分布计算/存储系统):SOCC 2025
网络协议·机器学习·云计算·边缘计算
Running_C5 小时前
常见web攻击类型
前端·http
2501_915374359 小时前
WHIP(WebRTC HTTP Ingestion Protocol)详解
网络协议·tcp/ip·udp
0wioiw011 小时前
Flutter基础(前端教程⑦-Http和卡片)
前端·flutter·http
AliciaIr12 小时前
揭秘HTTP的“无情”与前端存储的“深情”:从Cookie到IndexedDB,你真的懂了吗?
http
杰尼橙子12 小时前
DPDK graph图节点处理框架:模块化数据流计算的设计与实现
网络协议·性能优化
不羁。。13 小时前
【网络协议安全】任务13:ACL访问控制列表
网络·网络协议·安全
车载测试工程师13 小时前
汽车功能安全系统阶段开发【技术安全方案TSC以及安全分析】5
功能测试·网络协议·安全·车载系统·汽车
阿维的博客日记1 天前
(生活比喻-图文并茂)http2.0和http3.0的队头阻塞,http2.0应用层解决,TCP层存在,3.0就是彻底解决,到底怎么理解区别???
网络协议·tcp/ip