1 Problem
A Spring Boot web project is configured for HTTPS mutual (two-way) authentication. The SSL configuration is as follows:
server:
  tomcat:
    ...
  port: 9698
  http-port: 9697
  ssl:
    key-store: server.p12
    key-store-password: 123456
    key-store-type: PKCS12
    key-alias: server
    enabled: true
    # trust
    trust-store: client.p12
    trust-store-password: 123456
    trust-store-type: JKS
    client-auth: need
    trust-store-provider: SUN
With this configuration, the Spring Boot project fails to start and reports the following error:
java.lang.IllegalArgumentException: java.security.InvalidAlgorithmParameterException:
the trustAnchors parameter must be non-empty
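2 Solution
The trust-store setting must not point to the client's client.p12 file. The exception is raised when the trust store provides no trusted certificate entries, so the already generated ca.crt certificate has to be imported into a trust store. The command is: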
keytool -keystore truststore.jks -keypass 123456 -storepass 123456 -alias ca -import -trustcacerts -file /usr/local/openssl/ca/ca.crt
Then change the trust-store setting in the ssl section to:
server:
  tomcat:
    ...
  port: 9698
  http-port: 9697
  ssl:
    key-store: server.p12
    key-store-password: 123456
    key-store-type: PKCS12
    key-alias: server
    enabled: true
    # trust
    trust-store: truststore.jks
    trust-store-password: 123456
    trust-store-type: JKS
    client-auth: need
    trust-store-provider: SUN
After this change, the project starts normally.
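
A pre-flight check for the file named in trust-store, as an added example that is not part of the original post: it lists each entry's kind and then builds PKIXParameters from the store, which raises the same "trustAnchors parameter must be non-empty" exception when no trusted certificate entry is present. The class name TrustStoreCheck and its three command-line arguments are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.util.Collections;

// Added example (hypothetical class name). Run against the store that
// server.ssl.trust-store points to, for instance:
//   java TrustStoreCheck.java truststore.jks JKS 123456
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: TrustStoreCheck <store-file> <store-type> <store-password>");
            System.exit(2);
        }

        // Load the store the same way the configured type and password would.
        KeyStore store = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, args[2].toCharArray());
        }

        // Only certificate entries (keytool lists them as trustedCertEntry)
        // become trust anchors; private-key entries do not.
        int trusted = 0;
        for (String alias : Collections.list(store.aliases())) {
            boolean isAnchor = store.isCertificateEntry(alias);
            if (isAnchor) {
                trusted++;
            }
            System.out.printf("%-20s %s%n", alias,
                    isAnchor ? "trusted certificate entry" : "key entry (not a trust anchor)");
        }
        System.out.println("trusted certificate entries: " + trusted);

        try {
            // Throws InvalidAlgorithmParameterException when the store
            // contains no trusted certificate entry.
            PKIXParameters params = new PKIXParameters(store);
            System.out.println("OK: " + params.getTrustAnchors().size() + " trust anchor(s)");
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("FAIL: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

A store that passes this check should show the ca alias imported by the keytool command above as a trusted certificate entry.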