
java - Use SSL Bundle to create another tomcat connector - Stack Overflow


I am using PEM based SSL Bundle in Spring Boot for mTLS APIs:

spring.ssl.bundle.pem.server.reload-on-update=true
spring.ssl.bundle.pem.server.keystore.certificate=/etc/spring/ssl/server.crt
spring.ssl.bundle.pem.server.keystore.private-key=/etc/spring/ssl/server.key
spring.ssl.bundle.pem.server.truststore.certificate=/etc/spring/ssl/rootCA.crt

# configure server to use "server" ssl bundle
server.port=8443
server.ssl.bundle=server
server.ssl.client-auth=need

I want some API endpoints to be accessible without mTLS, using one-sided TLS, e.g. for healthCheck endpoints. So I am creating another Tomcat connector on port 8444 for the TLS connection. This is the @Configuration file for Tomcat:

import javax.net.ssl.SSLContext;

import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class TomcatConnectorConfig {

    private final int tlsPort = 8444;
    private final SSLContext sslContext;

    // javax.net.ssl.SSLContext bean built from the "server" SSL bundle (see SslConfiguration below)
    public TomcatConnectorConfig(SSLContext sslContext) {
        this.sslContext = sslContext;
    }

    @Bean
    public TomcatServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();
        factory.addAdditionalTomcatConnectors(createTlsConnector(sslContext));
        return factory;
    }

    private Connector createTlsConnector(SSLContext sslContext) {
        // Create a new connector using the default HTTPS protocol
        Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
        connector.setPort(tlsPort);
        connector.setSecure(true);
        connector.setScheme("https");

        // Create a new SSLHostConfig instance for this connector
        SSLHostConfig sslHostConfig = new SSLHostConfig();
        sslHostConfig.setSslProtocol("TLS"); // or "TLSv1.2" etc.

        SSLHostConfigCertificate certificate = new SSLHostConfigCertificate(sslHostConfig, SSLHostConfigCertificate.Type.RSA);
        // This is a mismatch: setSslContext() expects org.apache.tomcat.util.net.SSLContext, not javax.net.ssl.SSLContext
        certificate.setSslContext(sslContext.getDefault());
        sslHostConfig.addCertificate(certificate);
        // Add the SSLHostConfig to the connector
        connector.addSslHostConfig(sslHostConfig);
        return connector;
    }
}

I am trying to use the SSLContext provided by the SSL Bundle here:

import javax.net.ssl.SSLContext;

import org.springframework.boot.ssl.SslBundles;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class SslConfiguration {
    // Expose the "server" bundle from application.properties as a javax SSLContext bean
    @Bean
    public SSLContext sslContext(SslBundles sslBundles) {
        return sslBundles.getBundle("server").createSslContext();
    }
}

How do I use this SSL Bundle within the Tomcat connector? I want to use the same PEM bundle with this port as well.


Asked Mar 21 at 6:18 by Dhruv Agarwal, edited Mar 31 at 3:47.
  • Can you show the configuration of the SSLBundle named client? – Vy Do, Mar 28 at 10:20
  • Sorry, that should be server. Edited the post. – Dhruv Agarwal, Mar 31 at 3:47

1 Answer

It seems like you are heading in the right direction, but missing some small adjustments. Can you retry with the following additional code in your createTlsConnector method?

// enable TLS on the connector's protocol handler and register the host config there
AbstractHttp11Protocol<?> protocol = (AbstractHttp11Protocol<?>) connector.getProtocolHandler();
protocol.setSSLEnabled(true);
protocol.addSslHostConfig(sslHostConfig);
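As an added example, not part of the answer above and not Spring Boot's or Tomcat's own code: a complete second connector that takes its key material from the "server" bundle without going through javax.net.ssl.SSLContext (Tomcat's setSslContext() wants its own SSLContext type, so the KeyStore is handed over instead, which is the route Boot's built-in connector customizer also takes), keeps client-certificate verification off for this port, and re-applies the bundle when reload-on-update rotates it. The class name TlsOnlyConnectorConfig is hypothetical; it assumes Spring Boot 3.2 or later (SslBundles.addBundleUpdateHandler, which reload-on-update itself requires) and the Tomcat 10.1 that ships with it.

```java
import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.AbstractHttp11JsseProtocol;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.springframework.boot.ssl.SslBundle;
import org.springframework.boot.ssl.SslBundles;
import org.springframework.boot.ssl.SslStoreBundle;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class TlsOnlyConnectorConfig {   // hypothetical class name
    private static final int TLS_PORT = 8444;           // one-sided TLS port from the question
    private static final String BUNDLE_NAME = "server"; // the PEM bundle named in the question

    @Bean
    public TomcatServletWebServerFactory servletContainer(SslBundles sslBundles) {
        Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
        connector.setPort(TLS_PORT);
        connector.setScheme("https");
        connector.setSecure(true);
        AbstractHttp11JsseProtocol<?> protocol = (AbstractHttp11JsseProtocol<?>) connector.getProtocolHandler();
        protocol.setSSLEnabled(true);
        protocol.addSslHostConfig(hostConfigFrom(sslBundles.getBundle(BUNDLE_NAME)), true);
        // reload-on-update only refreshes the server.ssl.bundle connector; re-apply rotated
        // material to this one ourselves (SslBundles.addBundleUpdateHandler, Boot 3.2+).
        sslBundles.addBundleUpdateHandler(BUNDLE_NAME,
                bundle -> protocol.addSslHostConfig(hostConfigFrom(bundle), true)); // replaces "_default_"
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();
        factory.addAdditionalTomcatConnectors(connector);
        return factory;
    }

    // Tomcat expects its own SSLContext type, so hand it the bundle's KeyStore instead,
    // the same route Boot's own connector customizer takes for server.ssl.bundle.
    static SSLHostConfig hostConfigFrom(SslBundle bundle) {
        SslStoreBundle stores = bundle.getStores();
        SSLHostConfig hostConfig = new SSLHostConfig();      // host name defaults to "_default_"
        hostConfig.setSslProtocol(bundle.getProtocol());
        hostConfig.setCertificateVerification("none");       // one-sided TLS: no client cert requested
        SSLHostConfigCertificate cert = new SSLHostConfigCertificate(hostConfig, SSLHostConfigCertificate.Type.UNDEFINED);
        cert.setCertificateKeystore(stores.getKeyStore());   // PEM key + chain already parsed by Boot
        String password = stores.getKeyStorePassword();      // null for PEM bundles; Tomcat wants ""
        cert.setCertificateKeystorePassword(password != null ? password : "");
        if (bundle.getKey().getAlias() != null) {
            cert.setCertificateKeyAlias(bundle.getKey().getAlias());
        }
        hostConfig.addCertificate(cert);
        return hostConfig;
    }
}
```

Everything the application serves on 8444 is reachable without a client certificate, so the endpoints exposed there need to be restricted at the application level, not just the health check path; the mTLS requirement on 8443 (server.ssl.client-auth=need) is untouched by this connector.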