1.Cmd界面进入C:\Program Files\Java\jdk1.7.0_15\bin使用keytool生成一个密钥库
2.在user目录下面找到.keystore文件 放到D:\apache-tomcat-7.0.47\conf下面
3.修改D:\apache-tomcat-7.0.47\conf\server.xml
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/.keystore"
keystorePass="123456"
/>
4.强制用户使用https访问需要在D:\apache-tomcat-7.0.47\conf\web.xml里面添加
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>ClientCertUsers-onlyArea</realm-name>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>