I need my restful service support ssl in spring boot. Though the service app started successfully, I fail to access the page in Chrome(version:68.0.3440.106). The error message:ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Captured image of error message:
pom.xml of the project:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>test</groupId>
<artifactId>spring-restful-server-https</artifactId>
<version>1.0.0</version>
<packaging>jar</packaging>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.3.RELEASE</version>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
</dependencies>
<properties>
<java.version>1.8</java.version>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
configuration file (passwords have been masked intentionally):
server.port=8443
server.ssl.key-store=classpath:shq.jks
server.ssl.key-store-password=******
server.ssl.key-password=******
Controller class:
package test.spring_restful_server_https;
import java.util.concurrent.atomic.AtomicLong;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class GreetingController {
private static final String template = "Hello, %s!";
private final AtomicLong counter = new AtomicLong();
@RequestMapping("/greeting")
public Greeting greeting(@RequestParam(value="name", defaultValue="World") String name) {
return new Greeting(counter.incrementAndGet(),
String.format(template, name));
}
}
I use java keytool to generate the shq.jks file.
keytool command:
keytool -genkeypair -alias shq -keystore shq.jks
after execute:
keytool -list -keystore shq.jks -v
jks file infomation (my enviroment is chinese, so I translate the information and put in parenthesis):
密钥库类型(keystore type): JKS
密钥库提供方(keystore provider): SUN
您的密钥库包含 1 个条目(your keystore contains 1 entry)
别名(alias name): shq
创建日期(creation date): 2018-8-16
条目类型(entry type): PrivateKeyEntry
证书链长度(certificate chain length): 1
证书(certificate)[1]:
所有者(owner): CN=shq, OU=home, O=home, L=shanghai, ST=shanghai, C=cn
发布者(issuer): CN=shq, OU=home, O=home, L=shanghai, ST=shanghai, C=cn
序列号(serial number): 279abe96
有效期开始日期(valid from): Thu Aug 16 21:02:31 CST 2018, 截止日期(until): Wed Nov 14 21:02:31 CST 2018
证书指纹(certificate fingerprints):
MD5: 78:E1:91:21:04:AC:38:F1:0B:30:D8:51:69:FD:BE:28
SHA1: 8A:D5:1C:26:69:6B:5C:50:75:A6:E8:BE:66:2F:58:01:68:8F:78:1A
SHA256: 74:0F:F1:0D:59:75:93:3B:BD:55:75:3D:F1:E8:23:17:CE:5D:C0:14:63:0D:D9:53:54:29:C2:C4:70:5A:82:C0
签名算法名称(signature algorithm name): SHA1withDSA
版本(version): 3
扩展(extensions):
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AF 9F 16 35 95 36 FD 13 0C EA 19 F8 A0 D0 E3 6F ...5.6.........o
0010: A6 CB BB EE ....
]
]