1、生成证书
1.1、Cmd 进入命令行
1.2、输入如下命令,生成RSA证书
keytool -genkeypair -alias "tomcat" -keyalg "RSA" -keystore "e:\tomcat.keystore"
1.3、指定证书可用域名
在名字和姓氏里输入域名如 :www.mydomain.com
2、配置tomcat
2.1、编辑server.xml 注释默认 Connector 配置
2.2、添加如下配置,添加SSL 配置
<Connector connectionTimeout="20000" port="80" protocol="HTTP/1.1" redirectPort="443"/>
<Connector SSLEnabled="true"
acceptCount="100"
clientAuth="false"
disableUploadTimeout="true"
enableLookups="false"
keystoreFile="e:\tomcat.keystore"
keystorePass="123456"
maxHttpHeaderSize="8192"
maxSpareThreads="75"
maxThreads="150"
minSpareThreads="25"
port="443"
protocol="org.apache.coyote.http11.Http11Protocol"
scheme="https"
secure="true"
sslProtocol="TLS"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
/>
完成 SSL 配置