下載下來的證書包含兩個文件：

Tomcat 配置

1.上傳證書文件 上傳證書到服務器上，這里目錄根據自己可自由設置，我上傳的路徑為?tomcat/cert。 2.修改?conf/server.xml?a.修改?tomcat?訪問端口，將 8080 改為 80，在瀏覽器訪問時不需要添加端口。將?redirectPort="8443"的端口改為 443，因為 https 的端口為 443。最終修改內容如下

<!-- A "Connector" represents an endpoint by which requests are receivedand responses are returned. Documentation at :Java HTTP Connector: /docs/config/http.htmlJava AJP Connector: /docs/config/ajp.htmlAPR (HTTP/AJP) Connector: /docs/apr.htmlDefine a non-SSL/TLS HTTP/1.1 Connector on port 8080--><Connector port="80" protocol="HTTP/1.1"connectionTimeout="20000"redirectPort="443" />

2.添加?ssl證書和密碼，將?port?值改為 443，keystoreFile?屬性指向服務器的 *.pfx文件,keystorePass的值為?pfx-password.txt?的內容，最終修改內容如下：?

<!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443This connector uses the NIO implementation. The defaultSSLImplementation will depend on the presence of the APR/nativelibrary and the useOpenSSL attribute of theAprLifecycleListener.Either JSSE or OpenSSL style configuration may be used regardless ofthe SSLImplementation selected. JSSE style configuration is used below. --> <Connector port="443"protocol="org.apache.coyote.http11.Http11Protocol"SSLEnabled="true"scheme="https"secure="true"keystoreFile="/xxx/tomcat/cert/restlessman.cn.pfx"keystoreType="PKCS12"keystorePass="xxxxx"clientAuth="false"SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>

3.修改?conf/web.xml?在?conf/web.xml?添加如下內容，可從 http 跳轉到 https?

<login-config><!-- Authorization setting for SSL --><auth-method>CLIENT-CERT</auth-method><realm-name>Client Cert Users-only Area</realm-name> </login-config> <security-constraint><!-- Authorization setting for SSL --><web-resource-collection ><web-resource-name >SSL</web-resource-name><url-pattern>/*</url-pattern></web-resource-collection><user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint> </security-constraint>

4.重啟 Tomcat 重啟?Tomcat?后，訪問?https://xxx.xxx.xxx?即可。如下圖：?

?

總結

以上是生活随笔為你收集整理的tomcat配置https证书的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。