代理服务

创建证书

生成证书文件certificate.crt

openssl req -x509 -newkey rsa:2048 -keyout [certificate.key] -out [certificate.crt] -days 365 -nodes -subj "/CN=*.example.com" -addext "subjectAltName=DNS:*.example.com"

或

[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
x509_extensions    = v3_ca
prompt             = no

[ req_distinguished_name ]
C            = US
ST           = California
L            = San Francisco
O            = Example Company
OU           = IT Department
CN           = *.example.com  # Primary common name (CN)

[ req_ext ]
subjectAltName = @alt_names

[ v3_ca ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = *.example.com          # First alternative name
DNS.2 = *.example2.com         # Second alternative name

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout [certificate.key] -out [certificate.crt] -config [sans.cnf]

生成pfx文件certificate.pfx

openssl pkcs12 -export -out [certificate.pfx] -inkey [certificate.key] -in [certificate.crt]

可以将生成的pfx文件导入代理服务

JAVA应用配置代理

增加以下VM参数

-Dhttp.proxyHost=localhost -Dhttp.proxyPort=13000 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=13000

添加证书信任

keytool -importcert -keystore $JAVA_HOME/lib/security/cacerts -file [certificate.crt] -alias [alias] -storepass changeit