先将jks转为p12标准
keytool -importkeystore -srckeystore FullSSL.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore fullssl.p12
再转为keystore格式
keytool -v -importkeystore -srckeystore fullssl.p12 -srcstoretype PKCS12 -destkeystore fullssl.keystore -deststoretype JKS
对server.xml
加一个connector
<Connector port="8080" protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/u01/apache-tomcat-7.0.54/fullssl.keystore"
keystorePass="xxxxxxxx" />
注意:有可能tomcat会报错,所以使用org.apache.coyote.http11.Http11Protocol,也可以使用“HTTP/1.1”
如果有http转https的需求可以改变
<Connector URIEncoding="UTF-8" connectionTimeout="20000" port="80" protocol="HTTP/1.1" redirectPort="443"/>
redirectPort转到https的端口
web.xml
在路径“welcome-file-list”下,增加
<security-constraint>
<web-resource-collection >
<web-resource-name >SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>