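Reposted from: https://my.oschina.net/uut886/blog/164482
1. Generate the keystore file
keytool -v -genkey -alias tomcat -keyalg RSA -keystore d:/tomcat.keystore
2. Uncomment the following Connector in tomcat/conf/server.xml and specify the location and password of the security certificate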
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="d:/tomcat.keystore"
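keystorePass="123456"/>
Note: 123456 is the password entered when d:/tomcat.keystore was generated
3. Force all HTTP requests to HTTPS
Add the following at the end of the web.xml of the corresponding application project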
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection>
<web-resource-name>OPENSSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Appendix:
Disable unsafe HTTP methods:
Add the following node at the end of tomcat/conf/web.xml
<!-- Disable unsafe HTTP methods -->
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint></auth-constraint>
</security-constraint>
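A way to check that a deployed server.xml and web.xml actually carry the settings from steps 2 and 3 and the appendix. This is an added example, not part of the original post: the function names, the constructed sample documents and the 12-character password threshold are assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed samples mirroring this page's snippets (not real deployment files)
SAMPLE_SERVER = """<Server><Service name="Catalina"><Connector port="8443"
  protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
  keystoreFile="d:/tomcat.keystore" keystorePass="123456"/></Service></Server>"""
SAMPLE_WEB = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern>
      <http-method>PUT</http-method><http-method>TRACE</http-method>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""

def _texts(elem, name):
    # web.xml usually declares a namespace, so match on the local tag name only
    return [(e.text or "").strip() for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit_web_xml(xml_text):
    """Return (forces_https, blocked_methods) for a web.xml document."""
    forces_https, blocked = False, set()
    for sc in ET.fromstring(xml_text).iter():
        if sc.tag.rsplit("}", 1)[-1] != "security-constraint" or "/*" not in _texts(sc, "url-pattern"):
            continue
        methods = _texts(sc, "http-method")
        # Step 3: CONFIDENTIAL on /* with no method list covers every request
        if "CONFIDENTIAL" in _texts(sc, "transport-guarantee") and not methods:
            forces_https = True
        # Appendix: an auth-constraint without roles denies the listed methods to everyone
        has_auth = any(e.tag.rsplit("}", 1)[-1] == "auth-constraint" for e in sc)
        if has_auth and not _texts(sc, "role-name"):
            blocked.update(m.upper() for m in methods)
    return forces_https, blocked

def audit_connector(xml_text, min_pass_len=12):  # 12 is an assumed threshold
    """Return findings for each TLS-enabled Connector in a server.xml document."""
    findings = []
    for c in ET.fromstring(xml_text).iter("Connector"):
        if c.get("SSLEnabled", "").lower() != "true":
            continue
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append("scheme/secure not set on TLS connector")
        if len(c.get("keystorePass", "")) < min_pass_len:
            findings.append("keystorePass shorter than %d characters" % min_pass_len)
    return findings
```

On the samples, the connector check flags the six-character keystore password used in step 2, and the web.xml check reports that HTTPS is enforced and which methods are denied.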
Another article
http://jingyan.baidu.com/article/a948d6515d3e850a2dcd2ee6.html