1、申请全球DNS 域名
2、根据域名申请https证书
3、vi server.xml
1、8443 改为443,设置证书配置
修改区域
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
</Connector>
修改为
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="/usr/local/java/tomcat8/conf/key/2018sslcert_GlobalSign_pwdBJCA.....pfx"
certificateKeystorePassword="123456"
certificateKeystoreType="PKCS12"
type="RSA" />
</SSLHostConfig>
</Connector>
注释:certificateKeystoreFile 为证书路径,certificateKeystorePassword 为证书生成时设置的密码,certificateKeystoreType为类型,pfx 格式证书类型就是PKCS12
2、设置把8080端口改为80,设置访问80端口重定向到443端口
修改前
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
修改为
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
3、8009重定向到443
修改前
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
修改后
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
4、vi web.xml
在 </welcome-file-list>下面插入如下内容即可
<login-config> <!-- Authorization setting for SSL --> <auth-method>CLIENT-CERT</auth-method> <realm-name>Client Cert Users-only Area</realm-name> </login-config> <security-constraint> <!-- Authorization setting for SSL --> <web-resource-collection > <web-resource-name >SSL</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
注:设置完第4步骤访问80 端口才会自动重定向到443,(前3步骤只是加入了全球服务器证书,可以通过443访问了)。
5、重启服务
../bin/shutdown.sh
../bin/start.sh