ssl证书格式在线转化器:https://www.chinassl.net/ssltools/convert-ssl.html
1、新建ssl证书路径
mkdir cert
2、修改server.xml
<Service name="Catalina">
<Connector port="8085" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
<!-- 配置证书文件信息 -->
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/usr/tomcat/cert/xxx.pfx"
keystorePass="xxxx"
clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"/>
<Engine name="Catalina" defaultHost="域名地址">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="域名地址" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
<Context path="/resources" docBase="/usr/tomcat/resources" reloadable="true"/>
</Host>
</Engine>
2、修改web.xml
<login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>sslwebsokect</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>/error.jsp</location>
</error-page>
3、在tomcat的ROOT目录下新建error.jsp 文件
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8" isErrorPage="true"%>
<body>
<h1>错误Error</h1>
错误信息:<%= exception.getMessage() %>
</body>
4、重启tomcat,访问https://域名地址即可