如何使我的Spring Boot微服务使用HTTPS运行？

Question

我有一个通过Spring Boot实现的微服务（最初从2.0.6开始，现在是2.1.8），并且可以通过端口8080运行良好。现在，我必须切换到TLS，以使（REST）服务可以使用HTTPS充当Webhook，但我总是得到

2020-01-02 17:14:38.929 DEBUG [-,,,] 19072 --- [           main] o.s.b.d.LoggingFailureAnalysisReporter   : Application failed to start due to an exception

org.springframework.boot.web.embedded.tomcat.ConnectorStartFailedException: Connector configured to listen on port 8444 failed to start
    at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.checkConnectorHasStarted(TomcatWebServer.java:228)
    at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.checkThatConnectorsHaveStarted(TomcatWebServer.java:220)
    at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:200)
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:297)
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:163)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:552)
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141)
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:744)
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:391)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:312)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1215)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1204)
    at de.mediciliving.cloud.crm.CrmServiceApplication.main(CrmServiceApplication.java:21)

2020-01-02 17:14:38.930 ERROR [-,,,] 19072 --- [           main] o.s.b.d.LoggingFailureAnalysisReporter   : 

***************************
APPLICATION FAILED TO START
***************************

Description:

The Tomcat connector configured to listen on port 8444 failed to start. The port may already be in use or the connector may be misconfigured.

Action:

Verify the connector's configuration, identify and stop any process that's listening on port 8444, or configure this application to listen on another port.

我跟随HTTPS using Self-Signed Certificate in Spring Boot使用以下命令创建密钥库：

keytool -genkeypair -alias MyAlias -keystore keystore.p12 -storetype PKCS12 -keyalg RSA -storepass xxxxxx -validity 730 -keysize 2048

在我的application.properties中，我定义了这个：

server.ssl.enabled=true
server.port=${APPLICATION_PORT:8443}
# The path to the keystore containing the certificate
server.ssl.key-store=classpath:keystore/keystore.p12
# The password used to generate the certificate
server.ssl.key-store-password=xxxxxx
#server.ssl.key-password=xxxxxx
# The format used for the keystore.
#server.ssl.key-store-type=JKS
#server.ssl.key-store-type=PKCS12

server.ssl.key-alias=MyAlias

我没有其他服务正在运行监听该端口，甚至我重新启动IntelliJ来确保没有运行/监听服务。

我已经在网上搜索了几天，但仍然无法使用HTTPS运行我的服务。错误消息告诉我没有任何帮助。由于没有其他正在运行的服务，因此必须是配置，但我不知道到底是什么会导致此错误。

在POM中，我有：

<spring.boot.version>2.1.8.RELEASE</spring.boot.version>
<tomcat.version>9.0.27</tomcat.version>

<dependency>
    <groupId>org.springframework.security.oauth.boot</groupId>
    <artifactId>spring-security-oauth2-autoconfigure</artifactId>
    <version>2.2.2.RELEASE</version>
</dependency>

...I found something to exclude binary resource files from filtering, so I considered it in the POM as well...
<excludes>
    <exclude>**/resources/**/*.p12</exclude>
</excludes>

我尝试了诸如443、8443、8082等多个端口，并且还使用不同的证书格式（PKCS12和JKS），但均未成功。

[当我做keytool.exe -keystore keystore.p12 -storepass xxxxxx -list -storetype pkcs12时

我得到：

Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

MyAlias, 02.01.2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 50:F3:52:68:4D:13:D9:C7:72:8E:9F:E9:60:40:DB:88:4D:1F:E8:75:2B:0A:08:C5:E2:F5:FA:D0:D7:0B:73:EB

也许在服务中具有此配置可能对您有所帮助：

@Configuration
@EnableResourceServer
@EnableWebSecurity
@EnableOAuth2Sso
public class SecurityConfig extends /*WebSecurityConfigurerAdapter*/ ResourceServerConfigurerAdapter {

    private static final String[] WHITELIST = {
            "/swagger-resources/**",
            "/swagger-ui.html",
            "/v2/api-docs",
            "/webjars/**",
            "/error*",
            "/health"
    };

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers(WHITELIST).permitAll();
//        http.authorizeRequests().anyRequest().fullyAuthenticated();
        http.authorizeRequests().anyRequest().permitAll();

        // disables Cross-Site Request Forgery protection and CORS protection
        http.csrf().disable();
        http.cors();
    }

    @Bean
    RequestContextListener requestContextListener() {
        return new RequestContextListener();
    }

    @Bean
    public FilterRegistrationBean simpleCorsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("*");
        source.registerCorsConfiguration("/**", config);
        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
        bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return bean;
    }
}