Tomcat配置Https

1、证书格式转换，在tomcat安装目录创建ssl目录，并将阿里云下载的证书全部拷贝该目录中。(如果是系统创建的CSR，请直接到第2步)

[root@lb01 ~]# mkdir /server/tomcat-8080/ssl
[root@lb01 ~]# cd /server/tomcat-8080/ssl
[root@lb01 ~]#   上传对应证书
[root@lb01 ssl]# unzip 1524377920931.zip

# 执行如下命令完成PFX格式转换命令，此处要设置PFX证书密码，请牢记
[root@lb01 ssl]# openssl pkcs12 -export -out 1524377920931.pfx -inkey 1524377920931.key -in 1524377920931.pem

2.修改tomcat安装目录中conf/server.xml

[root@lb01 ~]# vim /server/tomcat-8080/conf/server.xml
<!--1.修改Host name为nginx.bjstack.com -->
<Host name="tomcat.oldxu.com"  appBase="webapps"
    unpackWARs="true" autoDeploy="true">

<!--2.修改redirectPort="8443"为redirectPort="443"-->
<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />

<!--3.增加如下内容-->
<Connector port="443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    keystoreFile="ssl/1524377920931.pfx"
    keystoreType="PKCS12"
    keystorePass="123456"
    clientAuth="false"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>

3.重启Tomcat服务

[root@lb01 ~]# /server/apache-tomcat-9.0.11/bin/shutdown.sh
[root@lb01 ~]# /server/apache-tomcat-9.0.11/bin/startup.sh

[root@lb01 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      29331/java
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      29331/java
tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      29331/java
tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN      29331/java

4.使用浏览器访问https://IP可访问, 如果是http://IP则会访问失败