Enabling HTTP/2 requires Tomcat 9 or later, Spring Boot 2.1
Create the certificate
keytool -genkey -alias localhost -storetype PKCS12 -keyalg RSA -keysize 2048 -storepass passw0rd -keystore localhost.p12 -dname "CN=localhost, OU=netkiller, O=netkiller.cn, L=Guangdong, ST=Shenzhen, C=CN"
keytool -selfcert -alias localhost -storepass passw0rd -keystore localhost.p12
keytool -export -alias localhost -keystore localhost.p12 -storepass passw0rd -rfc -file localhost.cer
keytool -importcert -trustcacerts -alias localhost -file localhost.cer -storepass passw0rd -keystore /etc/pki/java/cacerts
If you installed the JDK yourself, you need to find the path where its cacerts file is installed
keytool -importcert -trustcacerts -alias localhost -file localhost.cer -storepass passw0rd -keystore /srv/java/jre/lib/security/cacerts
How to add it on macOS; when you are prompted for the password, enter: changeit
iMac:resources neo$ sudo keytool -importcert -trustcacerts -alias localhost -file localhost.cer -cacerts
Password:
输入密钥库口令:
所有者: CN=localhost, OU=netkiller, O=netkiller.cn, L=Guangdong, ST=Shenzhen, C=CN
发布者: CN=localhost, OU=netkiller, O=netkiller.cn, L=Guangdong, ST=Shenzhen, C=CN
序列号: ffd28d78add2b56c
生效时间: Mon Sep 07 16:55:39 CST 2020, 失效时间: Sun Dec 06 16:55:39 CST 2020
证书指纹:
SHA1: A0:DB:69:34:66:EA:16:A3:AF:65:31:F9:5D:6E:C0:70:CA:5F:0E:22
SHA256: 2C:04:B7:BB:28:25:B5:E6:7C:0F:73:4B:02:38:6E:04:80:42:E2:F7:61:5C:91:4D:A8:EA:5E:20:2E:82:4F:0C
签名算法名称: SHA256withRSA
主体公共密钥算法: 2048 位 RSA 密钥
版本: 3
扩展:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4E 30 9A EC C1 9D FB C2 CC 55 B2 6D 0D F4 01 CE N0.......U.m....
0010: 13 C6 62 38 ..b8
]
]
是否信任此证书? [否]: Y
证书已添加到密钥库中
iMac:resources neo$ keytool -list -cacerts -alias localhost
输入密钥库口令:
localhost, 2020年9月8日, trustedCertEntry,
证书指纹 (SHA-256): 2C:04:B7:BB:28:25:B5:E6:7C:0F:73:4B:02:38:6E:04:80:42:E2:F7:61:5C:91:4D:A8:EA:5E:20:2E:82:4F:0C
Enable HTTP/2 in the configuration
server:
  port: 8443
  servlet:
    context-path: /
  ssl:
    enabled: true
    key-store: classpath:ssl/localhost.p12
    key-store-type: PKCS12
    key-store-password: 123456
  http2:
    enabled: true
My configuration
spring.application.name=web
server.port=8443
#server.servlet.context-path=/
server.ssl.enabled=true
server.ssl.key-store=classpath:localhost.p12
server.ssl.key-store-type=PKCS12
server.ssl.key-store-password=123456
server.http2.enabled=true
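An added example, not part of the original post: a small shell lint for the server.ssl.* and server.http2.* properties shown above. It flags HTTP/2 enabled without TLS and a keystore password written as a literal, and, when keytool is installed and a keystore path is passed, checks that the password really opens the keystore (the commands above create localhost.p12 with passw0rd while the configurations give 123456, and the two must match). The function names and the variables KEYSTORE_PASSWORD and KS_PW are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Property keys are the ones shown
# above; KEYSTORE_PASSWORD and KS_PW are assumed variable names.

# get_prop FILE KEY: value of the last KEY=value line ('#' comment lines never match)
get_prop() {
  awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1"
}

# lint_tls_props FILE [KEYSTORE]: prints one line per finding, returns 1 if any
lint_tls_props() {
  props=$1 ks=${2:-} n=0
  pw=$(get_prop "$props" server.ssl.key-store-password)
  if [ "$(get_prop "$props" server.http2.enabled)" = "true" ] &&
     [ "$(get_prop "$props" server.ssl.enabled)" != "true" ]; then
    echo "http2 is enabled without TLS; browsers only negotiate HTTP/2 over TLS"
    n=$((n + 1))
  fi
  if [ -z "$(get_prop "$props" server.ssl.key-store)" ]; then
    echo "server.ssl.key-store is not set"
    n=$((n + 1))
  fi
  case $pw in
    '')
      echo "server.ssl.key-store-password is not set"; n=$((n + 1)) ;;
    '${'*'}')
      ;;  # placeholder such as ${KEYSTORE_PASSWORD}, resolved by Spring at startup
    *)
      echo "key-store-password is a literal; use a \${KEYSTORE_PASSWORD} placeholder"
      n=$((n + 1))
      # With keytool installed, confirm the literal really opens the keystore.
      # -storepass:env keeps the password out of the process argument list.
      if [ -f "$ks" ] && command -v keytool >/dev/null 2>&1 &&
         ! KS_PW=$pw keytool -list -keystore "$ks" -storetype PKCS12 \
             -storepass:env KS_PW >/dev/null 2>&1; then
        echo "the configured password does not open $ks"
        n=$((n + 1))
      fi ;;
  esac
  [ "$n" -eq 0 ]
}

# Usage: sh lint-tls.sh application.properties [localhost.p12]
if [ $# -gt 0 ]; then lint_tls_props "$@"; fi
```
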
Access the service with curl; seeing HTTP/2 in the response means it worked
neo@MacBook-Pro ~ % curl -i -k https://localhost:8443/ping
HTTP/2 200
content-type: text/plain;charset=UTF-8
content-length: 4
date: Tue, 09 Apr 2019 08:41:29 GMT

Pong%