1. Generate the keystore file
keytool -v -genkey -alias tomcat -keyalg RSA -keystore d:/tomcat.keystore
2. Uncomment the HTTPS Connector in tomcat/conf/server.xml and specify the location and password of the certificate keystore
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="D:/tomcat7/conf/keystore/tomcat.keystore"
           keystorePass="123456"/>
3. Force all HTTP requests to HTTPS
Add the following at the end of the web.xml of the corresponding application project:
<security-constraint>
  <!-- Authorization setting for SSL -->
  <web-resource-collection>
    <web-resource-name>OPENSSL</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
Additional:
Disable unsafe HTTP methods:
Add the following node at the end of tomcat/conf/web.xml:
<!-- Disable unsafe HTTP methods -->
<security-constraint>
  <web-resource-collection>
    <url-pattern>/*</url-pattern>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
    <http-method>HEAD</http-method>
    <http-method>OPTIONS</http-method>
    <http-method>TRACE</http-method>
  </web-resource-collection>
  <auth-constraint></auth-constraint>
</security-constraint>
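
An added example, not part of the original page: a Python check that reads a web.xml and reports whether /* carries the CONFIDENTIAL transport guarantee from step 3 and which HTTP methods the empty auth-constraint denies. The sample web.xml is constructed from the two snippets above; the function names and the xmlns value are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two constraints from this page inside one web.xml.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>OPENSSL</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>PUT</http-method><http-method>DELETE</http-method>
      <http-method>HEAD</http-method><http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
    </web-resource-collection>
    <auth-constraint></auth-constraint>
  </security-constraint>
</web-app>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the namespace so any web-app schema version works

def _texts(elem, name):
    """Trimmed text of every descendant element called `name`."""
    return [(e.text or "").strip() for e in elem.iter() if _local(e.tag) == name]

def audit_web_xml(xml_text, pattern="/*"):
    """Report whether `pattern` is forced to HTTPS and which methods are denied on it."""
    result = {"https_enforced": False, "denied_methods": set()}
    for sc in ET.fromstring(xml_text).iter():
        if _local(sc.tag) != "security-constraint" or pattern not in _texts(sc, "url-pattern"):
            continue
        methods = _texts(sc, "http-method")
        # CONFIDENTIAL only forces HTTPS for every request if no method list narrows it.
        if "CONFIDENTIAL" in _texts(sc, "transport-guarantee") and not methods:
            result["https_enforced"] = True
        # An auth-constraint with no role-name denies access; a missing one denies nothing.
        has_auth = any(_local(e.tag) == "auth-constraint" for e in sc.iter())
        if has_auth and not _texts(sc, "role-name"):
            result["denied_methods"].update(m.upper() for m in methods or ["*"])
    return result

if __name__ == "__main__":
    print(audit_web_xml(SAMPLE_WEB_XML))
```

A "*" in denied_methods means a constraint with an empty auth-constraint and no http-method list, which denies every method on the pattern.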