Tomcat 配置HTTPS

1. 生成keystore

%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore \path\to\my\keystore

2. 配置server.xml

打开注释掉的HTTPS:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="\path\to\my\keystore"
             keystorePass="9c1d12eef17849c8887627b7f7922ce4" />

3. 强制使用HTTPS

server.xml里注意设置HTTP的转发端口为HTTPS的端口：8443

<Connector port="8080" protocol="HTTP/1.1" 
            connectionTimeout="20000" 
            redirectPort="8443" />

 web.xml里加入配置：

<security-constraint>  
    <!-- Authorization setting for SSL -->  
    <web-resource-collection >  
        <web-resource-name >private</web-resource-name>  
        <url-pattern>/*</url-pattern>
    </web-resource-collection>  
    <user-data-constraint>  
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>  
    </user-data-constraint>  
</security-constraint>