Open server.xml under the conf directory and find the following comment.
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation. The default
SSLImplementation will depend on the presence of the APR/native
library and the useOpenSSL attribute of the AprLifecycleListener.
Either JSSE or OpenSSL style configuration may be used regardless of
the SSLImplementation selected. JSSE style configuration is used below.
-->
Add the new connector here:
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
The code to add is as follows:
<Connector
port="443"
protocol="HTTP/1.1"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
sslEnabledProtocols="TLSv1.2"
keystoreFile="/usr/local/tomcat9/cert2022/zhengshu.pfx"
keystorePass="password"
keystoreType="PKCS12"
/>
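Note that keystoreFile is the absolute path to the certificate, and keystorePass is the password.
Then remove the original HTTP access configuration, or comment out the following lines: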
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
Then find:
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!--
<Connector protocol="AJP/1.3"
address="::1"
port="8009"
redirectPort="8443" />
-->
Change it to:
<Connector protocol="AJP/1.3"
address="::1"
port="8009"
redirectPort="443" />
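A way to check the edited file against the steps above, as an added example that is not part of the original page: the script parses a server.xml and reports connectors that still serve plain HTTP, redirectPort values that do not point at a TLS connector, weak entries in sslEnabledProtocols, and a .pfx keystore without keystoreType="PKCS12". The `audit` function, the `WEAK` set and the sample file are assumptions made for this example, and only the attribute-style connector configuration used on this page is handled (not nested SSLHostConfig elements).

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a real file): the HTTP connector is still enabled,
# redirectPort values still say 8443, and keystoreType is missing for the .pfx.
SAMPLE = """<Server><Service name="Catalina">
  <!-- <Connector port="8443" SSLEnabled="true" /> -->
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
             sslEnabledProtocols="TLSv1.2,TLSv1"
             keystoreFile="/usr/local/tomcat9/cert2022/zhengshu.pfx" />
  <Connector protocol="AJP/1.3" address="::1" port="8009" redirectPort="8443" />
</Service></Server>"""

# Protocol versions treated as weak in this example (assumption of the example).
WEAK = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def audit(xml_text):
    """Return findings for the active <Connector> elements of a server.xml."""
    # ElementTree drops XML comments, so commented-out connectors are ignored.
    conns = list(ET.fromstring(xml_text).iter("Connector"))
    tls_ports = {c.get("port") for c in conns if c.get("SSLEnabled") == "true"}
    findings = []
    for c in conns:
        port = c.get("port")
        is_tls = c.get("SSLEnabled") == "true"
        is_ajp = c.get("protocol", "HTTP/1.1").startswith("AJP")
        if not is_tls and not is_ajp:
            findings.append(f"{port}: plain HTTP connector is still enabled")
        redirect = c.get("redirectPort")
        if not is_tls and redirect and redirect not in tls_ports:
            findings.append(f"{port}: redirectPort {redirect} is not a TLS connector")
        if is_tls:
            enabled = {p.strip() for p in c.get("sslEnabledProtocols", "").split(",")}
            for proto in sorted(enabled & WEAK):
                findings.append(f"{port}: weak protocol {proto} enabled")
            store = c.get("keystoreFile", "").lower()
            if store.endswith((".pfx", ".p12")) and c.get("keystoreType") != "PKCS12":
                findings.append(f"{port}: keystoreType is not PKCS12 for {store}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To audit a real installation, pass the contents of conf/server.xml to `audit` instead of `SAMPLE`.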