

我有一个运行在ec2实例上的Web服务器,该实例内部调用使用Spring Boot构建的REST服务器.现在,我正在尝试使此REST服务器在SSL下运行.到目前为止,这是我所做的:

I've a web server running on an ec2-instance which internally calls a REST server that is built using Spring Boot. Now, I am trying to get this REST server running under SSL. Here's what I've done so far:


1) Created a CSR & a key file using this command

openssl req -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.csr

2)Copied 'csr' to get SSL certificate from GoDaddy.


3) Successfully installed the certificate under Nginx on my ec2-instance.


4) When I hit the home page under https, it works. I no longer get 'Not secure' message from the browser.


5) Login fails because it makes a REST call but REST server is not running under SSL so I am trying to get it running under SSL.


keytool -import -alias mydomain -keystore tomcat.keystore -trustcacerts -file mydomain.com.chained.crt
keytool -import -alias mydomain-key -keystore tomcat.keystore -trustcacerts -file mydomain.key

上一条命令给我一条错误消息: "keytool错误:java.lang.Exception:输入的不是X.509证书"

The previous command gives me an error message: "keytool error: java.lang.Exception: Input not an X.509 certificate"


But this was the one created in step 1 above & the same file works under Nginx. What am I missing (other than the fact that I know very little about setting up SSLs!)? I need the second command to specify the value of 'server.ssl.keyAlias' in application.properties, I believe.


Not really an answer but overflowed comment.

您不需要生成" X.509证书;你已经从GoDaddy那里得到了.如果(且仅)以与(外部)nginx相同的名称访问SpringBoot服务器(我不清楚),您需要转换对私钥和证书链 >从PEM格式到Java使用的格式.参见:
导入私有密钥/public-certificate对在Java KeyStore中

You don't need to 'generate' an X.509 cert; you already got that from GoDaddy. If (and only if) the SpringBoot server is accessed by the same name(s) as (external) nginx -- which is unclear to me -- you need to convert the pair of private key AND certificate CHAIN from PEM format to a format Java uses. See:
How to import an existing x509 certificate and private key in Java keystore to use in SSL?
How can I set up a letsencrypt SSL certificate and use it in a Spring Boot application?
How to use .key and .crt file in java that generated by openssl?
Importing the private-key/public-certificate pair in the Java KeyStore
maybe Import key and SSL Certificate into java keystore