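My SSL certificate was purchased from Alibaba Cloud (Aliyun). It is a single-domain certificate (if you buy it for www.xxx.com the provider also covers xxx.com for free, and if you buy it for xxx.com the provider also covers www.xxx.com). After the purchase succeeds, download it and choose the Tomcat version.
Open the conf/server.xml configuration file under the Tomcat root directory.
Find: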
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000" redirectPort="8443" />
Change it to, or add:
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000" redirectPort="443" />
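Then set up the HTTPS connector in the same way. Its port must match the redirectPort used above (443):
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="/home/fan/apache-tomcat-9.0.64/cert/key.pfx"
                     certificateKeystoreType="PKCS12"
                     certificateKeystorePassword="6pbiW868" />
        <!-- The keystore password is included in the downloaded certificate package -->
    </SSLHostConfig>
</Connector>
<!-- AJP is only needed when a front-end web server proxies to Tomcat over AJP; remove this
     connector otherwise. secretRequired="" is parsed as false, so no shared secret is enforced. -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" secretRequired="" />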
(Optional step) Add the following at the very bottom of the web.xml file, before the closing </web-app> tag, to redirect HTTP to HTTPS automatically:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
Note: on an Alibaba Cloud ECS instance, HTTPS port 443 must be opened in the security group.
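
One way to check the finished server.xml before restarting Tomcat, as an added example that is not part of the original post: a small linter that confirms every redirectPort points at a TLS-enabled connector, that the TLS connector has a certificate, and that an AJP connector enforces a secret. The sample configuration is constructed, and the check assumes Tomcat 9.0.31 or later, where secretRequired defaults to true.

```python
# Added example: lint a Tomcat server.xml for connector settings that break or weaken HTTPS.
import xml.etree.ElementTree as ET

# Constructed sample (not a real deployment): HTTP redirects to 443, but the TLS
# connector listens on 8443, and the AJP connector has its secret check disabled.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" redirectPort="443" />
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="conf/example.pfx"
                   certificateKeystoreType="PKCS12"
                   certificateKeystorePassword="PLACEHOLDER" />
    </SSLHostConfig>
  </Connector>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="443" secretRequired="" />
</Service></Server>"""


def lint_server_xml(xml_text):
    """Return a list of human-readable findings for the given server.xml text."""
    root = ET.fromstring(xml_text)
    connectors = list(root.iter("Connector"))
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    findings = []
    for c in connectors:
        port, proto = c.get("port"), c.get("protocol", "HTTP/1.1")
        if c in tls:
            # A TLS connector needs a keystore or PEM certificate to start.
            certs = c.findall("./SSLHostConfig/Certificate")
            if not any(x.get("certificateKeystoreFile") or x.get("certificateFile") for x in certs):
                findings.append(f"port {port}: SSLEnabled but no certificate configured")
            continue
        redirect = c.get("redirectPort")
        if redirect and redirect not in tls_ports:
            findings.append(f"port {port}: redirectPort {redirect} has no TLS connector")
        if proto.startswith("AJP"):
            # Tomcat parses this attribute with Boolean.valueOf, so "" means false.
            if c.get("secretRequired", "true").lower() != "true":
                findings.append(f"port {port}: AJP connector does not require a secret")
    return findings


if __name__ == "__main__":
    for finding in lint_server_xml(SAMPLE):
        print(finding)
```

A redirectPort finding can be ignored only when something outside Tomcat, such as a port-forwarding rule, maps that port to the TLS connector.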