放在tomcat server.xml
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="路径rrl.com.pfx" keystoreType="PKCS12" keystorePass="gUtikBDK" clientAuth="false" sslProtocol="TLS"/>
配置web.xml文件,开启HTTP强制跳转HTTPS。
在文件</welcome-file-list>后添加以下内容:
<login-config> <!-- Authorization setting for SSL --> <auth-method>CLIENT-CERT</auth-method> <realm-name>Client Cert Users-only Area</realm-name> </login-config> <security-constraint> <!-- Authorization setting for SSL --> <web-resource-collection > <web-resource-name >SSL</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>