建立文件夹
/home/tomcat/tomcat-9.0.34/cert
keytool -genkey -alias Piccsug -keyalg RSA -storetype PKCS12 -keysize 2048 -sigalg SHA256withRSA -dname "CN=`hostname`,OU=Picclife,O=tomcat,L=beijing,S=beijing,C=China" -keypass PiccSug#2021 -keystore tomcat.jks -storepass PiccSug#2021 -validity 3650
server.xml中修改以下两个地方:
<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="4430" />
复制原有的被注释掉配置,改成以下配置
<Connector port="4430" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="/home/tomcat/tomcat-9.0.34/cert/tomcat.jks"
type="RSA" certificateKeystorePassword="PiccSug#2021" />
</SSLHostConfig>
</Connector>
应用web.xml中加入,以tomcat自带的项目examples为例
<security-constraint>
<web-resource-collection >
<web-resource-name >SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
访问:http://192.168.129.138:8081/examples/
跳转:https://192.168.129.138:4430/examples/
或者直接访问:https://192.168.129.138:4430/examples/