Configuring HTTPS access on a Synology (Qunhui) NAS: setting up Tomcat SSL

First, you need an SSL certificate. I used a free DV certificate applied for through Alibaba Cloud: go to the Alibaba Cloud SSL certificate application, download the certificate once it has been issued, and select tomcat as the certificate type.

The second step: open WinSCP (search Baidu for the software yourself; there are many download links, but you must use WinSCP with root privileges on the Synology), ssh into the Synology root directory, and find the path of Tomcat's configuration files server.xml and web.xml. The files are in volume1 > @appstore > Tomcat7 > src > conf. Create a new folder under src with any name; I named mine ssl, and it is used to store the SSL certificate.

The third step: open server.xml and find:

 <!--
 <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
-->

Remove the comment markers and add keystoreFile="ssl/certificate" keystorePass="password", where ssl is the folder you created in the second step; remember to put your certificate in it. In the snippet below, 证书 stands for your certificate file name and 密码 for its password.

 <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="ssl/证书" keystorePass="密码"
               clientAuth="false" sslProtocol="TLS" />

The fourth step: modify web.xml. Search, and add the following after it; this forces Tomcat to be accessed over https.

<login-config>  
    <!-- Authorization setting for SSL -->  
    <auth-method>CLIENT-CERT</auth-method>  
    <realm-name>Client Cert Users-only Area</realm-name>  
</login-config>  
<security-constraint>  
    <!-- Authorization setting for SSL -->  
    <web-resource-collection >  
        <web-resource-name >SSL</web-resource-name>  
        <url-pattern>/*</url-pattern>  
    </web-resource-collection>  
    <user-data-constraint>  
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>  
    </user-data-constraint>  
</security-constraint> 

The fifth step: put the edited server.xml and web.xml back in place, overwriting the originals, then restart Tomcat. You can now access it over https.
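A pre-restart check for the two edited files, added here as an example (not part of the original post): it confirms that server.xml still parses, that the 8443 Connector is really uncommented and points at a keystore that exists, and that web.xml carries the CONFIDENTIAL constraint for /*. The function names, sample XML, keystore file name and password are constructed, and base_dir is assumed to be the src folder that holds conf and ssl, since Tomcat resolves a relative keystoreFile against its base directory.

```python
import os
import xml.etree.ElementTree as ET

def _local(tag):
    # web.xml usually declares a default namespace; compare local names only.
    return tag.rsplit("}", 1)[-1]

def check_server_xml(text, base_dir="."):
    """Return a list of problems with the HTTPS <Connector> in server.xml."""
    root = ET.fromstring(text)  # ParseError here means the edit broke the XML
    # Comments are dropped by the parser, so a still-commented Connector is not seen.
    tls = [c for c in root.iter("Connector") if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        return ["no active Connector with SSLEnabled=true (still commented out?)"]
    problems = []
    for c in tls:
        port, ks = c.get("port"), c.get("keystoreFile")
        if not ks:
            problems.append(f"port {port}: keystoreFile missing")
        elif not os.path.isfile(os.path.join(base_dir, ks)):
            problems.append(f"port {port}: keystore {ks!r} not found under {base_dir}")
        if not c.get("keystorePass"):
            problems.append(f"port {port}: keystorePass missing")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            problems.append(f"port {port}: scheme/secure not set for https")
    return problems

def forces_https(text):
    """True if web.xml has a CONFIDENTIAL transport guarantee covering /*."""
    for sc in ET.fromstring(text).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        found = [(_local(e.tag), (e.text or "").strip()) for e in sc.iter()]
        if ("url-pattern", "/*") in found and ("transport-guarantee", "CONFIDENTIAL") in found:
            return True
    return False

# Constructed sample inputs (file name and password are placeholders).
CONNECTOR = ('<Connector port="8443" SSLEnabled="true" scheme="https" secure="true" '
             'keystoreFile="ssl/example-keystore" keystorePass="example-pass" '
             'clientAuth="false" sslProtocol="TLS" />')
SERVER_EDITED = f'<Server><Service name="Catalina">{CONNECTOR}</Service></Server>'
SERVER_COMMENTED = f'<Server><Service name="Catalina"><!-- {CONNECTOR} --></Service></Server>'
WEB_EDITED = ('<web-app xmlns="http://java.sun.com/xml/ns/javaee"><security-constraint>'
              '<web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>'
              '<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee>'
              '</user-data-constraint></security-constraint></web-app>')
```

Because keystorePass sits in server.xml in plain text, keep that file and the ssl folder readable only by the account Tomcat runs as.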

Origin blog.csdn.net/mr_zql/article/details/92207624