1、阿里云域名申请SSL,并下载证书和密匙;
2、修改TOMCAT conf 目录下 server.xml: (注意把8443改为443, 文件路径要注意尽量放到TOMCAT 根目录下,比如:在/opt/apache-tomcat-7.0.92下创建cert子目录)
<Connector port=”443” protocol=”org.apache.coyote.http11.Http11Protocol”
maxThreads=”150″ SSLEnabled=”true” scheme=”https” secure=”true”
keystoreFile=”cert/2021993.pfx”
keystoreType=”PKCS12″
keystorePass=”1vgJ0Wuz”
clientAuth=”false” sslProtocol=”TLS” />
<Connector executor=”tomcatThreadPool”
port=”80″ protocol=”HTTP/1.1″
URIEncoding=”UTF-8″
connectionTimeout=”30000″
enableLookups=”false”
disableUploadTimeout=”false”
connectionUploadTimeout=”150000″
acceptCount=”300″
keepAliveTimeout=”120000″
maxKeepAliveRequests=”1″
compression=”on”
compressionMinSize=”2048″
compressableMimeType=”text/html,text/xml,text/javascript,text/css,text/plain,image/gif,image/jpg,image/png”
redirectPort=”443” />
3、HTTP 80自动自动跳转到HTTPS 443配制:在TOMCAT CONF 目录下web.xml文件的</welcome-file-list>后面加入下面代码
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<login-config>
<!– Authorization setting for SSL –>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!– Authorization setting for SSL –>
<web-resource-collection >
<web-resource-name >SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
一定要重启服务器或TOMCAT, 打开网站网页的左边就会一把锁图标。
结束