1. Generate the keystore file

keytool -v -genkey -alias tomcat -keyalg RSA -keystore /home/test/my.keystore

keytool prompts for the certificate subject fields and for the passwords, and asks you to confirm each password. Two answers matter for TLS: the "first and last name" prompt is the certificate CN and must be the hostname clients will connect to, and the key password should be left equal to the keystore password, because the connector in step 2 passes a single keystorePass for both unless keyPass is set separately. With no further options keytool issues a self-signed certificate valid for 90 days and, on JDK 7 and earlier, a 1024-bit key; add -keysize 2048 and -validity N when that is not what you want. Browsers will warn about the self-signed certificate; for production, have a CA sign a CSR from this same keystore. The file holds the server's private key, so keep it owned by the account Tomcat runs as and readable by nobody else.
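Step 1 as a script, added here as an example (not code from the page): it supplies every value keytool would otherwise default or prompt for, sets a SAN as well as the CN, and creates the file owner-readable only. The hostname www.example.com and the password variable KS_PASS are assumptions; the path /home/test/my.keystore is the page's. It needs a JDK keytool on PATH.

```shell
# gen_keystore <keystore-path> <hostname>
# The password is read from $KS_PASS rather than argv, so it does not show up in `ps`.
# Returns 2 if KS_PASS is unset, 127 if keytool is missing, otherwise keytool's status.
gen_keystore() {
    ks="$1"; host="$2"
    [ -n "$KS_PASS" ] || { echo "set KS_PASS to the keystore password first" >&2; return 2; }
    command -v keytool >/dev/null 2>&1 || { echo "keytool not found; install a JDK" >&2; return 127; }
    # The file holds the private key: umask 077 (in a subshell, so the caller's umask is
    # untouched) makes it mode 0600. -keypass equals -storepass because Tomcat's connector
    # uses keystorePass for both unless keyPass is set. CN must be the hostname, and
    # clients actually match on the SAN, so both are set to $host. 365-day validity and a
    # 2048-bit key replace keytool's defaults (90 days; 1024 bits on JDK 7 and earlier).
    ( umask 077 && keytool -genkeypair -v \
        -alias tomcat -keyalg RSA -keysize 2048 -sigalg SHA256withRSA \
        -validity 365 \
        -dname "CN=$host, O=Example Org, C=US" \
        -ext "SAN=dns:$host" \
        -keystore "$ks" -storepass:env KS_PASS -keypass:env KS_PASS )
}

# Confirm the alias Tomcat will use and show the certificate it is going to serve.
show_keystore() {
    keytool -list -v -keystore "$1" -storepass:env KS_PASS -alias tomcat
}

# Usage (hypothetical values):
#   export KS_PASS='a-long-random-value'
#   gen_keystore /home/test/my.keystore www.example.com && show_keystore /home/test/my.keystore
```

The same KS_PASS value goes into keystorePass in step 2; if you let the JDK pick the store type (PKCS12 from JDK 9, JKS before), make sure keystoreType in the connector matches it.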

2. Edit tomcat/conf/server.xml: find the commented-out Connector for port 8443, uncomment it, and fill in the keystore path and password:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/home/test/my.keystore"
           keystorePass="123456"/>

This is the Tomcat 7 form, with the TLS settings as Connector attributes. Tomcat 8.5 and later still accept these attributes but log them as deprecated; the current form nests an SSLHostConfig element carrying the protocol list and a Certificate element with certificateKeystoreFile, certificateKeystorePassword and certificateKeyAlias. sslProtocol="TLS" only selects the JSSE context and does not limit which versions get negotiated; add sslEnabledProtocols="TLSv1.2,TLSv1.3" (protocols on SSLHostConfig) so TLS 1.0 and 1.1 are not offered. keystorePass is stored in clear text in server.xml and Tomcat has no built-in secret store, so the controls are a password that is not 123456 or changeit, and file permissions that make conf/server.xml and the keystore readable only by the account Tomcat runs as. If the keystore holds more than one entry, pin the one to serve with keyAlias="tomcat"; if the key password differs from the store password, set keyPass. After a restart, https://host:8443/ should answer with the certificate from step 1 (a browser warning is expected until a CA-issued certificate replaces the self-signed one).

3. Force HTTP to HTTPS. Edit the application's WEB-INF/web.xml and add:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>OPENSSL</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

The web-resource-name is only a label. With CONFIDENTIAL, Tomcat answers any plain-HTTP request matching /* with a 302 to the same path over https, using the redirectPort of the connector that received the request. That attribute defaults to 443, so the port 8080 connector needs redirectPort="8443" or the redirect points at a port nothing listens on. Do not add http-method elements to this web-resource-collection: listing methods narrows the guarantee to those verbs and leaves every other verb on plain HTTP. The redirect protects only what follows it. The first request, with any cookies it carries, has already crossed the network in clear, and a redirected POST arrives as a GET without its body. Mark session cookies Secure (the cookie-config element in web.xml) and send an HSTS header (Tomcat ships HttpHeaderSecurityFilter for that) so browsers stop making that first plain request at all.

4. Disable unwanted HTTP methods. In tomcat/conf/web.xml add the following inside <web-app>, before the closing </web-app> tag:

<security-constraint>
  <web-resource-collection>
    <url-pattern>/*</url-pattern>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
    <http-method>HEAD</http-method>
    <http-method>OPTIONS</http-method>
    <http-method>TRACE</http-method>
  </web-resource-collection>
  <auth-constraint></auth-constraint>
</security-constraint>

conf/web.xml is the default descriptor merged into every application on the instance, so this applies to all of them; put the same block in an application's own WEB-INF/web.xml to limit it to one. The empty auth-constraint grants access to no role, so Tomcat answers the listed verbs with 403. Only the listed verbs are affected: GET, POST, PATCH and any verb not named pass the constraint untouched. That is what a deny-list wants, but it is also why an http-method list must never appear in a constraint that is meant to require login, since unlisted verbs would bypass it (Servlet 3.1 adds deny-uncovered-http-methods for that case).

Trim the list before using it. HEAD is what load balancers and monitors send, and Tomcat serves it as a GET without a body, so it exposes nothing GET does not; OPTIONS is required for CORS preflight. Denying either breaks clients without removing attack surface. TRACE is already off: the connector's allowTrace attribute defaults to false, so Tomcat returns 405 for it whether or not it is listed here. PUT and DELETE are the entries worth keeping; the DefaultServlet already rejects them for static content (its readonly parameter defaults to true), and the constraint extends the block to the application's own servlets. After restarting, send each verb to a URL on the server and confirm the listed ones get 403 while GET and POST still work.
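The audit script below is added here as an example and is not code from the page or from Tomcat. It reads a server.xml and a web.xml and reports the mistakes discussed in steps 2 to 4: a redirectPort that misses the TLS connector, a well-known keystore password, a missing CONFIDENTIAL constraint (or one narrowed to a few verbs), and a deny-list that also blocks HEAD or OPTIONS. Its corrected sample also shows the Tomcat 8.5+ SSLHostConfig form of the connector. The two sample configurations, the passwords and the plain-HTTP connector line are constructed for the demo; the paths are the page's.

```python
"""Audit of the Tomcat hardening in steps 2-4 above. Added example, not from the
original page or from Tomcat: it parses server.xml and web.xml (the constructed
samples at the bottom stand in for real files; hostnames, passwords and paths are
hypothetical) and reports what a reviewer otherwise checks by hand."""
import xml.etree.ElementTree as ET

WEAK_KEYSTORE_PASSWORDS = {"changeit", "123456", "password", "tomcat"}
# Verbs clients rely on; denying them breaks callers and removes no attack surface.
NEEDED_METHODS = {"GET": "the application itself",
                  "HEAD": "load-balancer and monitoring health checks",
                  "OPTIONS": "CORS preflight requests"}

def _local(tag):
    """'{http://xmlns.jcp.org/xml/ns/javaee}web-app' -> 'web-app'."""
    return tag.rsplit("}", 1)[-1]

def _kids(elem, name):
    return [e for e in elem if _local(e.tag) == name]

def _text(elem):
    return (elem.text or "").strip()

def _tls_attr(connector, tomcat7_name, tomcat85_name):
    """Tomcat 7 keeps keystore settings on <Connector>; 8.5+ on <SSLHostConfig><Certificate>."""
    if connector.get(tomcat7_name) is not None:
        return connector.get(tomcat7_name)
    for e in connector.iter():
        if _local(e.tag) == "Certificate" and e.get(tomcat85_name) is not None:
            return e.get(tomcat85_name)
    return None

def audit_server_xml(server_xml):
    """Findings about the Connector elements (step 2)."""
    findings = []
    connectors = [c for c in ET.fromstring(server_xml).iter() if _local(c.tag) == "Connector"]
    tls = [c for c in connectors if c.get("SSLEnabled", "false").lower() == "true"]
    if not tls:
        return ["no SSLEnabled connector: HTTPS is not configured"]
    tls_ports = {c.get("port") for c in tls}
    for c in tls:
        if _tls_attr(c, "keystorePass", "certificateKeystorePassword") in WEAK_KEYSTORE_PASSWORDS:
            findings.append(f"port {c.get('port')}: keystore password is a well-known default")
    for c in connectors:
        # The CONFIDENTIAL redirect (step 3) targets this connector's redirectPort, default 443.
        target = c.get("redirectPort", "443")
        if c not in tls and target not in tls_ports:
            findings.append(f"port {c.get('port')}: redirectPort={target} but TLS listens on {sorted(tls_ports)}")
    return findings

def audit_web_xml(web_xml):
    """Return (findings, denied_methods) for the security-constraints (steps 3 and 4)."""
    findings, denied, all_over_tls = [], set(), False
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        patterns, methods = set(), set()
        for wrc in _kids(sc, "web-resource-collection"):
            patterns |= {_text(e) for e in _kids(wrc, "url-pattern")}
            methods |= {_text(e).upper() for e in _kids(wrc, "http-method")}
        guarantees = [_text(g) for udc in _kids(sc, "user-data-constraint")
                      for g in _kids(udc, "transport-guarantee")]
        if "CONFIDENTIAL" in guarantees and "/*" in patterns:
            if methods:  # listing methods narrows the guarantee to those verbs only
                findings.append(f"CONFIDENTIAL covers only {sorted(methods)}; other verbs stay on HTTP")
            else:
                all_over_tls = True
        auth = _kids(sc, "auth-constraint")
        # <auth-constraint/> with no <role-name> means nobody may use these verbs: HTTP 403.
        if auth and not _kids(auth[0], "role-name"):
            denied |= methods
    if not all_over_tls:
        findings.append("no CONFIDENTIAL constraint on /*: HTTP is not redirected to HTTPS")
    for m in sorted(denied & set(NEEDED_METHODS)):
        findings.append(f"{m} is denied: breaks {NEEDED_METHODS[m]}")
    return findings, denied

def audit(server_xml, web_xml):
    return audit_server_xml(server_xml) + audit_web_xml(web_xml)[0]

# Constructed samples. The first pair is this page's steps 2-4 as written, plus a plain
# HTTP connector whose redirectPort was never set.
SERVER_XML_PAGE = """<Server><Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"/>
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https"
 secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/home/test/my.keystore" keystorePass="123456"/>
</Service></Server>"""
WEB_XML_PAGE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
<security-constraint><web-resource-collection><web-resource-name>OPENSSL</web-resource-name>
<url-pattern>/*</url-pattern></web-resource-collection>
<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint>
<security-constraint><web-resource-collection><url-pattern>/*</url-pattern>
<http-method>PUT</http-method><http-method>DELETE</http-method><http-method>HEAD</http-method>
<http-method>OPTIONS</http-method><http-method>TRACE</http-method></web-resource-collection>
<auth-constraint/></security-constraint></web-app>"""
# The corrected pair: redirectPort set, Tomcat 8.5+ SSLHostConfig syntax limited to TLS 1.2/1.3,
# a non-default password, and HEAD/OPTIONS no longer denied.
SERVER_XML_OK = """<Server><Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" maxThreads="150">
 <SSLHostConfig protocols="TLSv1.2,TLSv1.3" certificateVerification="none">
  <Certificate certificateKeystoreFile="/home/test/my.keystore" certificateKeystorePassword="Kp7-long-random"
   certificateKeyAlias="tomcat" type="RSA"/>
 </SSLHostConfig></Connector></Service></Server>"""
WEB_XML_OK = WEB_XML_PAGE.replace("<http-method>HEAD</http-method>", "").replace(
    "<http-method>OPTIONS</http-method>", "")

if __name__ == "__main__":
    for label, pair in (("page", (SERVER_XML_PAGE, WEB_XML_PAGE)), ("fixed", (SERVER_XML_OK, WEB_XML_OK))):
        print(label, audit(*pair) or "no findings")
```

Run it against the real files with open(...).read() in place of the samples. The page's configuration produces four findings (default password, redirectPort pointing at 443, HEAD and OPTIONS denied); the corrected pair produces none, and audit_web_xml still reports PUT, DELETE and TRACE as the denied set.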