1、进入网址 https://myssl.com/cert_convert.html 将证书转成jks格式,并放到tomcat conf根目录下
2、打开tomcat server.xml 配置
将如下配置放开注释,并改成如下:
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf你的jks证书文件" certificateKeystorePassword="证书密码" type="RSA" />
</SSLHostConfig>
</Connector>
注意将端口改为443,https默认端口443
3、将 http 自动转换为 https
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" />
4、打开web.xml配置
<login-config> <!-- Authorization setting for SSL --> <auth-method>CLIENT-CERT</auth-method> <realm-name>Client Cert Users-only Area</realm-name> </login-config> <security-constraint> <!-- Authorization setting for SSL --> <web-resource-collection > <web-resource-name >SSL</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
将这些配置放在最后面,最后重启tomcat即可