Article Source: http://blog.csdn.net/chow__zh/article/details/8843594
In a Command Prompt window, change to the Tomcat directory and run the following command:
keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore -validity 3600
This generates the server.keystore certificate file.
Then uncomment the following section in server.xml and add the keystore attributes:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="server.keystore"
           keystorePass="changeit" />
After this step you can visit https://ip:8443/
Tomcat's default SSL port is 8443, but the standard HTTPS port is 443. If Tomcat listens on 443, pages can be reached over HTTPS without entering a port number, for example https://ip/
To change the port number, edit Tomcat's server.xml file:
1. The non-SSL HTTP/1.1 Connector definition, which generally looks like this:
<Connector port="8080" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" redirectPort="443" acceptCount="100"
           connectionTimeout="20000" disableUploadTimeout="true" />
Change the redirectPort value to 443.
2. The SSL HTTP/1.1 Connector definition: change the port number to 443, as follows:
<Connector
           port="443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25"
           maxSpareThreads="75"
           enableLookups="false"
           disableUploadTimeout="true"
           acceptCount="100" scheme="https"
           secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/tomcat.keystore"
           keystorePass="123456" />
3. The AJP 1.3 Connector definition: change redirectPort to 443, as follows:
<Connector port="8009"
           enableLookups="false" redirectPort="443" protocol="AJP/1.3" />
Now restart Tomcat. After this step the site can be accessed as https://ip/
4. Force HTTPS access
Add the following section after the </welcome-file-list> element in Tomcat\conf\web.xml:
<login-config>
    <!-- Authorization setting for SSL -->
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
    <!-- Authorization setting for SSL -->
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
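An added example, not part of the original article: a Python check that reads a server.xml and reports any redirectPort (steps 1 to 3) that does not point at an HTTPS connector, and any HTTPS connector whose keystorePass is one of the well-known values used above. The sample XML, the function name audit_connectors and the password set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not from the article: the step 1 and step 2 edits are
# applied, but the AJP connector from step 3 still redirects to 8443.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="8080" redirectPort="443" acceptCount="100" />
  <Connector port="443" scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="conf/tomcat.keystore" keystorePass="123456" />
  <Connector port="8009" redirectPort="8443" protocol="AJP/1.3" />
</Service></Server>
"""

# The two passwords that appear in this article. "changeit" is also what
# Tomcat assumes when keystorePass is omitted.
WEAK_KEYSTORE_PASSWORDS = {"changeit", "123456"}


def audit_connectors(server_xml):
    """Return a list of findings for the <Connector> elements of a server.xml."""
    connectors = list(ET.fromstring(server_xml.strip()).iter("Connector"))
    # Ports that actually serve HTTPS according to the configuration.
    https_ports = {
        c.get("port") for c in connectors
        if c.get("scheme") == "https" and c.get("secure") == "true"
    }
    findings = []
    for c in connectors:
        port, redirect = c.get("port"), c.get("redirectPort")
        # A CONFIDENTIAL transport-guarantee sends clients to redirectPort,
        # so it must match a connector that really speaks HTTPS.
        if redirect is not None and redirect not in https_ports:
            findings.append(
                f"connector {port}: redirectPort {redirect} has no HTTPS connector")
        if port in https_ports:
            if c.get("keystoreFile") is None:
                findings.append(f"connector {port}: keystoreFile not set")
            if c.get("keystorePass", "changeit") in WEAK_KEYSTORE_PASSWORDS:
                findings.append(
                    f"connector {port}: keystorePass is a well-known value")
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

To audit a real installation, pass the contents of conf/server.xml to audit_connectors instead of the sample string.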
Note (if the port on the target machine is already occupied): redirect the traffic to another port with iptables:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080