1. Apply for a globally resolvable DNS domain name
2. Request an HTTPS certificate for that domain
3. vi server.xml
(1) Change port 8443 to 443 and set the certificate configuration.

Section to modify:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

Change it to:

    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="/usr/local/java/tomcat8/conf/key/2018sslcert_GlobalSign_pwdBJCA.....pfx"
                         certificateKeystorePassword="123456"
                         certificateKeystoreType="PKCS12"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

Note: certificateKeystoreFile is the path to the certificate, certificateKeystorePassword is the password set when the certificate was generated, and certificateKeystoreType is the keystore type; a certificate in pfx format has type PKCS12.

(2) Change port 8080 to 80, and set requests to port 80 to redirect to port 443.

Before:

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

After:

    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />

(3) Redirect 8009 to 443.

Before:

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

After:

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
4. vi web.xml
Insert the following content below </welcome-file-list>:

    <login-config>
        <!-- Authorization setting for SSL -->
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>Client Cert Users-only Area</realm-name>
    </login-config>
    <security-constraint>
        <!-- Authorization setting for SSL -->
        <web-resource-collection>
            <web-resource-name>SSL</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

Note: access to port 80 is automatically redirected to 443 only after step 4 is done (the first 3 steps only add the global server certificate, which makes the site reachable on 443).
5. Restart the service
../bin/shutdown.sh
../bin/startup.sh