https接口的支持判断,http升级到https需求

https接口的支持判断,http升级到https需求

1.以下是仅仅支持http,不支持https的提示。

http://myapi.mytest.com:8081/pinganzong/getCity
{"resCode":"999999","resMsg":"系统异常","data":null}
https://myapi.mytest.com:8081/pinganzong/getCity
ERR_SSL_PROTOCOL_ERRORhttp://myapi.mytest.com:8888/HRM3_WEB_AOTU/AotuPA/addorder
HTTP Status 500 -https://myapi.mytest.com:8888/HRM3_WEB_AOTU/AotuPA/addorder
ERR_SSL_PROTOCOL_ERROR

2.如果是仅仅支持https（需要配置ssl证书），不支持http，则在请求http接口的时候，会返回：

400 Bad Request
The plain HTTP request was sent to HTTPS port
stgw
这个报错信息。

3.postman请求：https接口可以在浏览器上面直接访问。

https请求demo：
https://apis.map.qq.com/ws/district/v1/list?key=XXXX

4.测试过程：推断https不支持。

# 强制使用TLS 1.2
curl -X POST -H "Content-Type: application/json" -d '{"sign":"hah"}' "https://myapi.mytest.com:8081/public/pinganzong/getCity" --tlsv1.2# 或者尝试TLS 1.1
curl -X POST -H "Content-Type: application/json" -d '{"sign":"hah"}' "https://myapi.mytest.com:8081/public/pinganzong/getCity" --tlsv1.1# 启用详细日志查看SSL握手过程
curl -X POST -H "Content-Type: application/json" -d '{"sign":"hah"}' "https://myapi.mytest.com:8081/public/pinganzong/getCity" -v# 测试HTTP连接（如果支持）
curl -X POST -H "Content-Type: application/json" -d '{"sign":"hah"}' "http://myapi.mytest.com:8081/public/pinganzong/getCity"# 使用wget测试
wget --no-check-certificate -O- "https://myapi.mytest.com:8081/public/pinganzong/getCity"[root@VM-1-84-centos /]$curl -X POST -H "Content-Type: application/json" -d '{"sign":"hah"}' "https://myapi.mytest.com:8081/public/pinganzong/getCity" --tlsv1.2
curl: (35) SSL received a record that exceeded the maximum permissible length.
[root@VM-1-84-centos /]$curl -X POST -H "Content-Type: application/json" -d '{"sign":"hah"}' "https://myapi.mytest.com:8081/public/pinganzong/getCity" --tlsv1.1
curl: (35) SSL received a record that exceeded the maximum permissible length.
[root@VM-1-84-centos /]$
[root@VM-1-84-centos /]$curl -X POST -H "Content-Type: application/json" -d '{"sign":"hah"}' "https://myapi.mytest.com:8081/public/pinganzong/getCity" -v
* About to connect() to myapi.mytest.com port 8081 (#0)
*   Trying 175.XX.192.XX...
* Connected to myapi.mytest.com (175.XX.192.XX) port 8081 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crtCApath: none
* NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
* SSL received a record that exceeded the maximum permissible length.
* Closing connection 0
curl: (35) SSL received a record that exceeded the maximum permissible length.[root@VM-1-84-centos /]$curl -X POST -H "Content-Type: application/json" -d '{"sign":"hah"}' "http://myapi.mytest.com:8081/public/pinganzong/getCity"
{"resCode":"-1","resMsg":"签名有误"}[root@VM-1-84-centos /]$
[root@VM-1-84-centos /]$
[root@VM-1-84-centos /]$wget --no-check-certificate -O- "https://myapi.mytest.com:8081/public/pinganzong/getCity"
--2025-10-28 15:15:15--  https://myapi.mytest.com:8081/public/pinganzong/getCity
Resolving myapi.mytest.com (myapi.mytest.com)... 175.XX.192.XX
Connecting to myapi.mytest.com (myapi.mytest.com)|175.XX.192.XX|:8081... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.

5.配置demo

server {listen 443 ssl;server_name yourdomain.com;ssl_certificate /path/to/your/certificate.pem;ssl_certificate_key /path/to/your/private.key;ssl_session_timeout 5m;ssl_protocols TLSv1.2;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;ssl_prefer_server_ciphers on;# 其他配置...
}

6.获取SSL证书‌
SSL证书是配置HTTPS的基础，主要有以下类型：

DV证书‌：适合个人站点，仅验证域名所有权
OV证书‌：适合企业官网，需要验证企业资质
EV证书‌：适合电商、金融等对安全要求更高的网站

可以从云服务商（如阿里云、腾讯云）申请免费或付费证书，免费证书通常有效期为3个月

7.完整迁移流程‌
1.申请并安装证书‌：选择合适的证书类型并部署到服务器
2.配置301重定向‌：确保所有HTTP流量永久重定向到HTTPS
3.更新内部链接‌：将网站中所有硬编码的HTTP链接改为HTTPS
4.提交搜索引擎更新‌：在Google Search Console、百度站长平台中更新网站属性

 

更新外部链接：需要提前通知第三方，最好可以同时支持http和https两种方式，如果不能支持，则需要约定时间，同步来升级到https来访问。