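# Generate the keystore: creates a new RSA key pair and a self-signed
# certificate under the alias "tomcat".
# keytool prompts for the keystore password here; the keystorePass attribute of
# the Tomcat <Connector> has to match it, so choose a strong one.
# -validity 36500 makes the self-signed certificate valid for roughly 100 years.
# NOTE(review): a shorter lifetime with planned renewal limits how long a leaked
# key remains usable.
keytool -genkey -v -alias tomcat -keyalg RSA -keystore /usr/local/src/https/tomcat.keystore -validity 36500

# Import the certificate into the same keystore.
# No -alias is given, so keytool stores the entry under its default alias
# ("mykey") as a trusted certificate.
# NOTE(review): if tomcat.crt is the CA-signed reply for the "tomcat" key pair,
# it needs -alias tomcat to replace the self-signed certificate - confirm.
keytool -import -v -file /usr/local/src/https/tomcat.crt -keystore /usr/local/src/https/tomcat.keystore

# Show the result: list the entries now held in the keystore.
keytool -list -keystore /usr/local/src/https/tomcat.keystore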
配置TOMCAT的server.xml
<!-- HTTPS connector listening on port 8153.
     keystoreFile: this path (/opt/ssl/core_keystore) is not the keystore
       created by the keytool commands (/usr/local/src/https/tomcat.keystore).
       NOTE(review): point it at the file that holds the server key entry - confirm.
     keystorePass: sample value, stored in cleartext. Use the strong password
       chosen when the keystore was created, and keep server.xml and the
       keystore readable only by the account that runs Tomcat.
     sslProtocol="TLS": names the protocol family only; which TLS versions are
       actually negotiated depends on the JVM and Tomcat defaults.
       NOTE(review): restrict the enabled versions to TLS 1.2 or later with the
       protocol-list setting of the Tomcat version in use.
     clientAuth="false": the handshake does not demand a client certificate;
       presumably Tomcat asks for one only on resources protected by
       CLIENT-CERT authentication - verify against the Tomcat docs. -->
<Connector port="8153"
protocol="HTTP/1.1"
SSLEnabled="true"
acceptCount="100"
clientAuth="false"
disableUploadTimeout="true"
enableLookups="false"
maxThreads="25"
keystoreFile="/opt/ssl/core_keystore"
keystorePass="123456"
scheme="https"
secure="true"
sslProtocol="TLS" />
配置web.xml强制使用https
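<!-- Force HTTPS. The HTTPS requirement itself comes from the CONFIDENTIAL
     transport-guarantee in the <security-constraint>; this <login-config>
     only selects how users authenticate. -->
<login-config>
<!-- Authorization setting for SSL -->
<!-- CLIENT-CERT: users authenticate with an X.509 client certificate.
     NOTE(review): this is not needed just to force HTTPS, and it only takes
     effect on resources whose security-constraint carries an
     <auth-constraint> - confirm that client-certificate login is intended. -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>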
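<!-- Require an encrypted transport for every URL of the web application. -->
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<!-- /* matches every request path of the application. -->
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<!-- CONFIDENTIAL: the container must serve the matched URLs over a protected
     transport (TLS). Tomcat answers a plain-HTTP request with a redirect to
     the redirectPort of the HTTP connector, so that attribute should name the
     HTTPS port (8153 in the Connector of this page).
     NOTE(review): the first plain-HTTP request still travels unencrypted
     before the redirect; an HSTS response header narrows that window. -->
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>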