tomcat 8.5配置阿里云证书

配置service.xml文件

<?xml version="1.0" encoding="UTF-8"?>

<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

   <!--http请求端口-->
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
    <!--https请求端口及证书配置-->
	<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="C:/apache-tomcat-8.5.53/conf/cert/zhengshu.pfx" keystoreType="PKCS12" keystorePass="password"<!--证书密码-->
               clientAuth="false" sslProtocol="TLS" />

    <Engine name="Catalina" defaultHost="center.syngovision.cn">

     
      <Realm className="org.apache.catalina.realm.LockOutRealm">
       
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="center.syngovision.cn"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

      
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>

配置web.xml文件在最下方添加以下代码：

<login-config>  
		<!-- Authorization setting for SSL -->  
		<auth-method>CLIENT-CERT</auth-method>  
		<realm-name>Client Cert Users-only Area</realm-name>  
	</login-config>  
	<security-constraint>  
		<!-- Authorization setting for SSL -->  
		<web-resource-collection >  
			<web-resource-name >SSL</web-resource-name>  
			<url-pattern>/*</url-pattern>  
		</web-resource-collection>  
		<user-data-constraint>  
			<transport-guarantee>CONFIDENTIAL</transport-guarantee>  
		</user-data-constraint>  
	</security-constraint>