Installing an SSL certificate on Tomcat (8.5/9)

Go to the Tomcat installation directory and place the certificate's JKS-format file inside it:

conf/ssl/371cloud.cn.jks

Step 2: Open the Tomcat configuration file conf/server.xml

By default Tomcat usually listens on port 8080 or port 80. First find this section:

<Connector port="8080" protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="8443" />

Insert the following configuration below that section:

<Connector port="443"
    protocol="org.apache.coyote.http11.Http11Nio2Protocol"
    maxThreads="150"
    SSLEnabled="true"
    defaultSSLHostConfigName="371cloud.cn">
    <SSLHostConfig hostName="371cloud.cn">
        <Certificate certificateKeystoreFile="conf/ssl/371cloud.cn.jks"
            certificateKeystorePassword="123456"
            type="RSA" />
    </SSLHostConfig>
</Connector>

Installing SSL with the Apache-format certificate files

<Connector port="443"
    protocol="org.apache.coyote.http11.Http11AprProtocol"
    maxThreads="150"
    SSLEnabled="true"
    defaultSSLHostConfigName="371cloud.cn">
    <SSLHostConfig hostName="371cloud.cn">
        <Certificate certificateFile="conf/ssl/371cloud.cn.crt"
            certificateKeyFile="conf/ssl/371cloud.cn.key"
            certificateChainFile="conf/ssl/371cloud.cn-ca-bundle.crt"
            type="RSA" />
    </SSLHostConfig>
</Connector>

Tomcat 8.5 and later support SNI (multiple certificates can be installed on the same IP address); JRE 7 or later is required.

For multiple sites, duplicate the SSLHostConfig element, one per site.
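
The multi-site setup described above, as an added example that is not part of the original page. The second host name example.org, its keystore path and the CHANGE_ME password placeholders are assumptions; the protocols attribute is added to limit each host to TLS 1.2 and 1.3.

```xml
<!-- Added example: one connector serving two sites via SNI.
     example.org, its keystore path and the CHANGE_ME passwords are
     placeholders (assumptions), not values from the original page. -->
<Connector port="443"
    protocol="org.apache.coyote.http11.Http11Nio2Protocol"
    maxThreads="150"
    SSLEnabled="true"
    defaultSSLHostConfigName="371cloud.cn">

    <!-- Default host: also answers clients that send no SNI name
         or a name that matches no other SSLHostConfig. -->
    <SSLHostConfig hostName="371cloud.cn"
        protocols="TLSv1.2,TLSv1.3">
        <Certificate certificateKeystoreFile="conf/ssl/371cloud.cn.jks"
            certificateKeystorePassword="CHANGE_ME"
            type="RSA" />
    </SSLHostConfig>

    <!-- Second site: a copy of the block above with its own
         hostName and its own keystore. TLSv1.3 is only offered
         when the JRE in use supports it. -->
    <SSLHostConfig hostName="example.org"
        protocols="TLSv1.2,TLSv1.3">
        <Certificate certificateKeystoreFile="conf/ssl/example.org.jks"
            certificateKeystorePassword="CHANGE_ME"
            type="RSA" />
    </SSLHostConfig>
</Connector>
```

The keystore password sits in clear text in server.xml, so restrict read access to that file and to conf/ssl to the account that runs Tomcat.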


Available protocol values:

org.apache.coyote.http11.Http11NioProtocol - non blocking Java NIO connector
org.apache.coyote.http11.Http11Nio2Protocol - non blocking Java NIO2 connector
org.apache.coyote.http11.Http11AprProtocol - the APR/native connector.