看了很多关于tomcat配置免费的ssl证书,最终在茫茫文章中找到了.....
原来tomcat8.5以下的是不支持配置多证书的
文件:tomcat/conf/server.xml
<!--
  HTTPS connector on port 443 that serves two host names through SNI: one
  SSLHostConfig per host name, each pointing at its own JKS keystore.
  defaultSSLHostConfigName selects the certificate presented when the client
  sends no SNI name, or a name that matches neither entry.
  Relative keystore paths are resolved against CATALINA_BASE.
  The keystore passwords sit in this file in clear text, so read access to
  server.xml and to the .jks files should be limited to the account that
  runs Tomcat.
  No protocols or ciphers are set here, so the defaults of the installed
  Tomcat and JVM apply; review them, and restrict them with the protocols
  attribute of SSLHostConfig if legacy TLS versions are still enabled.
-->
<Connector port="443"
           protocol="org.apache.coyote.http11.Http11Nio2Protocol"
           defaultSSLHostConfigName="www.aaa.com"
           maxThreads="150"
           SSLEnabled="true">
  <SSLHostConfig hostName="www.aaa.com">
    <Certificate certificateKeystoreFile="cert/aaa.jks"
                 certificateKeystorePassword="password1"
                 type="RSA"/>
  </SSLHostConfig>
  <SSLHostConfig hostName="www.bbb.com">
    <Certificate certificateKeystoreFile="cert/bbb.jks"
                 certificateKeystorePassword="password2"
                 type="RSA"/>
  </SSLHostConfig>
</Connector>
<!--
  One virtual host per certificate; the name of each Host matches the
  hostName of an SSLHostConfig on the HTTPS connector.
  Both hosts are written with the same appBase and docBase ("xxx" looks like
  a placeholder for the application directory; confirm the real value).
  autoDeploy and reloadable make Tomcat pick up changed application files at
  runtime. That is convenient during development, but on a production server
  anyone who can write under appBase can then get code loaded, so consider
  setting both to false there and keeping appBase writable only by the
  deployment account.
-->
<Host name="www.aaa.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
  <Context path="" docBase="xxx" reloadable="true" debug="0"/>
</Host>
<Host name="www.bbb.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
  <Context path="" docBase="xxx" reloadable="true" debug="0"/>
</Host>
还有要配置强制跳转https的:
文件 tomcat/conf/web.xml
<!--
  Declares client certificate (mutual TLS) authentication as the login
  method. A login method is only used for resources that a
  security-constraint protects with an auth-constraint, and no
  auth-constraint appears in the configuration shown with it.
  NOTE(review): this element is not what forces HTTPS; the redirect comes
  from the CONFIDENTIAL transport guarantee. Keep it only if client
  certificates are really required, because conf/web.xml supplies defaults
  for every web application on the server.
-->
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<!--
  Requires an encrypted transport for every URL (url-pattern /*).
  With transport-guarantee CONFIDENTIAL, a request that arrives over plain
  HTTP is redirected to the port named by the redirectPort attribute of the
  HTTP connector, so that attribute has to point at the HTTPS port (443 in
  this setup).
  Placed in conf/web.xml, the constraint applies to every web application
  on the server.
  The first plain HTTP request is still sent unencrypted before the
  redirect; consider also sending a Strict-Transport-Security response
  header so that returning browsers go straight to HTTPS.
-->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SSL</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>