Tomcat SSL/TLS Configuration
@see https://Tomcat.Apache.org/tomcat-9.0-doc/ssl-howto.html
//1:use jdk keytool
A:Generate Keystore
01:============================
C:\Users\User>keytool -genkey -alias tomcat -keyalg RSA -keystore d:/ks/tomcatKeyStore
//Equivalent form (-genkeypair is the current name of the command; -genkey is its older alias):keytool -genkeypair -alias "tomcat" -keyalg "RSA" -keystore "d:/ks/tomcatKeyStore"
Enter keystore password:123456
Re-enter new password:123456
What is your first and last name?
[Unknown]: name
What is the name of your organizational unit?
[Unknown]: org
What is the name of your organization?
[Unknown]: org
What is the name of your City or Locality?
[Unknown]: sh
What is the name of your State or Province?
[Unknown]: sh
What is the two-letter country code for this unit?
[Unknown]: 86
Is CN=name, OU=org, O=org, L=sh, ST=sh, C=86 correct?
[no]: yes
//Note: C is an ISO 3166 two-letter country code (CN for China); 86 is a telephone dialing code, and keytool accepts it without complaint. Passing -dname "CN=...,OU=...,O=...,L=...,ST=...,C=CN" on the command line answers all of these prompts non-interactively.
Enter key password for <tomcat>
(RETURN if same as keystore password):123456
Re-enter new password:123456
//Note: 123456 is a placeholder. The same password goes into server.xml in clear text, so use a long random value and restrict read access to both files. If the key password differs from the keystore password, server.xml also needs keyPass. The defaults not set above are 2048-bit RSA and 90 days validity (JDK 8 and later); pass -keysize and -validity explicitly, and add -ext SAN=dns:<hostname> because browsers match the host name against the Subject Alternative Name, not the CN.
02:============================
C:\Users\User>keytool -list -keystore d:/ks/tomcatKeyStore
Enter keystore password:123456
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
tomcat, Dec 20, 2016, PrivateKeyEntry,
Certificate fingerprint (SHA1): 55:50:64:83:59:6F:71:70:C2:71:5F:0A:56:BF:E0:36:41:45:3E:44
//Note: JDK 9 and later create PKCS12 stores by default (the -list output then shows "Keystore type: PKCS12"). Tomcat's keystoreType attribute defaults to JKS, so either pass -storetype JKS here or set keystoreType="PKCS12" in server.xml so the two agree.
B:Connector in tomcat/conf/server.xml
Enable an HTTPS Connector (port 8443 in the Tomcat docs). Which attributes it needs depends on the SSL implementation the connector ends up using:
JSSE (pure Java, keystore-based; uses the keystore generated above):
keystoreFile
keystorePass
keyPass (only if the key password differs from the keystore password)
truststoreFile
truststorePass (the truststore attributes only matter when clientAuth is enabled)
APR/OpenSSL (PEM files, no keystore):
SSLCertificateFile="conf/server.cer"
SSLCertificateKeyFile="conf/server.key"
SSLCertificateChainFile="conf/intermediate.cer"
Tomcat 8.5 and 9 still accept these attributes on the Connector, but the documented form moves them into a nested <SSLHostConfig><Certificate .../></SSLHostConfig> element (certificateKeystoreFile, certificateKeystorePassword, certificateFile, certificateKeyFile, certificateChainFile).
Then test: https://localhost:8443/
If startup throws: Connector attribute SSLCertificateFile must be defined when using SSL with APR
Tomcat ships two SSL implementations: JSSE (Java) and APR (OpenSSL through the Tomcat Native library). With protocol="HTTP/1.1" (the default) Tomcat auto-selects: if the native library is loaded it uses APR, otherwise a JSSE connector (BIO in Tomcat 6/7, NIO from 8.0 on). The exception above therefore means the native library is installed, the connector became APR, and it ignores keystoreFile/keystorePass because it expects PEM files. Either supply the SSLCertificate* attributes, or disable auto-selection by naming the implementation: protocol="org.apache.coyote.http11.Http11NioProtocol" forces JSSE (the keystore attributes keep working), protocol="org.apache.coyote.http11.Http11AprProtocol" forces APR. Pin it either way, so that installing tcnative later cannot silently swap the TLS stack underneath the connector.
C:add in web.xml
/* The first constraint (url-pattern /*) makes the whole application require HTTPS; changing CONFIDENTIAL to NONE drops the requirement. The second exempts static resources so they can be fetched over either HTTP or HTTPS. */
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HttpsOnly</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HttpOrHttps</web-resource-name>
    <url-pattern>*.ico</url-pattern>
    <url-pattern>/img/*</url-pattern>
    <url-pattern>/css/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
Notes: Tomcat applies the best-matching url-pattern (exact match, then longest path prefix, then extension, then /*), so /img/* and /css/* (prefix) and *.ico (extension) override the /* constraint for those paths. A plain-HTTP request for a CONFIDENTIAL resource is answered with a redirect to the redirectPort of the HTTP connector, so that attribute must point at the HTTPS connector's port (8443 here) or the redirect lands on a closed port. Anything listed under NONE is still served over HTTP, so keep that list to truly public static content.
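The checks from sections B and C as a script. This is an added example, not code from the Tomcat documentation or from these notes: it parses a constructed server.xml and web.xml embedded in the script and reports the pitfalls discussed above (protocol left on auto-select, legacy TLS versions, a default keystore password, a redirectPort that names no HTTPS connector, and url-patterns exempted from CONFIDENTIAL). The element and attribute names are Tomcat's; the ports, paths, passwords and the WEAK_PASSWORDS deny-list are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not a real deployment): an HTTP connector whose
# redirectPort names no HTTPS connector; an HTTPS connector left on protocol="HTTP/1.1"
# (auto-select) with the legacy keystore attributes from section B and TLSv1/TLSv1.1
# still enabled; and a hardened NIO connector in the Tomcat 8.5+/9 SSLHostConfig form.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8444"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="d:/ks/tomcatKeyStore" keystorePass="123456"
             sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
  <Connector port="9443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true">
    <SSLHostConfig protocols="TLSv1.2+TLSv1.3">
      <Certificate certificateKeystoreFile="conf/tomcatKeyStore"
                   certificateKeystorePassword="placeholder-long-random-secret" type="RSA"/>
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

# Constructed sample web.xml: the two security-constraints from section C.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection><web-resource-name>HttpsOnly</web-resource-name>
      <url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><web-resource-name>HttpOrHttps</web-resource-name>
      <url-pattern>*.ico</url-pattern><url-pattern>/img/*</url-pattern><url-pattern>/css/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

LEGACY_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_PASSWORDS = {"changeit", "123456", "password", "tomcat"}  # assumed deny-list, not a Tomcat setting


def _tokens(value):
    """Tomcat accepts comma lists and '+'-joined sets, e.g. "TLSv1.2+TLSv1.3"."""
    return {t.strip() for t in value.replace("+", ",").split(",") if t.strip()}


def lint_server_xml(xml_text):
    """Return (port, finding) tuples for every TLS connector pitfall found."""
    root = ET.fromstring(xml_text)
    findings, https_ports, redirects = [], set(), {}
    for c in root.iter("Connector"):
        port = c.get("port")
        if c.get("SSLEnabled", "false").lower() != "true":
            if c.get("redirectPort"):
                redirects[port] = c.get("redirectPort")
            continue
        https_ports.add(port)
        # 1. protocol="HTTP/1.1" (or absent) lets Tomcat pick APR whenever tcnative is loaded,
        #    which combined with keystore attributes yields the APR exception from section B.
        if c.get("protocol", "HTTP/1.1") == "HTTP/1.1":
            findings.append((port, "protocol auto-select; pin Http11NioProtocol (JSSE) or Http11AprProtocol"))
        # 2. TLS versions, from the legacy attribute or from SSLHostConfig@protocols.
        enabled, pinned = set(), False
        if c.get("sslEnabledProtocols"):
            enabled |= _tokens(c.get("sslEnabledProtocols"))
            pinned = True
        for host in c.iter("SSLHostConfig"):
            if host.get("protocols") and host.get("protocols") != "all":
                enabled |= _tokens(host.get("protocols"))
                pinned = True
        if not pinned:
            findings.append((port, 'TLS versions not pinned; set SSLHostConfig protocols="TLSv1.2+TLSv1.3"'))
        for bad in sorted(enabled & LEGACY_TLS):
            findings.append((port, f"legacy protocol {bad} enabled"))
        # 3. Keystore passwords sit in server.xml in clear text; at least reject defaults.
        passwords = [c.get("keystorePass")]
        passwords += [cert.get("certificateKeystorePassword") for cert in c.iter("Certificate")]
        if any(p in WEAK_PASSWORDS for p in passwords if p):
            findings.append((port, "default/weak keystore password"))
    # 4. A CONFIDENTIAL constraint redirects plain HTTP to redirectPort, which must
    #    therefore belong to a real SSLEnabled connector.
    for port, target in redirects.items():
        if target not in https_ports:
            findings.append((port, f"redirectPort {target} matches no SSLEnabled connector"))
    return findings


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the web-app namespace, compare by local name


def lint_web_xml(xml_text):
    """Return ({transport-guarantee: [url-patterns]}, findings) for the security-constraints."""
    root = ET.fromstring(xml_text)
    by_guarantee = {"CONFIDENTIAL": [], "INTEGRAL": [], "NONE": []}
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        guarantee, patterns = "NONE", []  # NONE is the spec default without a user-data-constraint
        for el in sc.iter():
            if _local(el.tag) == "url-pattern":
                patterns.append((el.text or "").strip())
            elif _local(el.tag) == "transport-guarantee":
                guarantee = (el.text or "NONE").strip()
        by_guarantee.setdefault(guarantee, []).extend(patterns)
    findings = []
    if "/*" not in by_guarantee["CONFIDENTIAL"]:
        findings.append("no CONFIDENTIAL constraint on /*: plain HTTP is not redirected to HTTPS")
    for p in by_guarantee["NONE"]:
        findings.append(f"{p} exempted (NONE): best match wins, so it is also served over plain HTTP")
    return by_guarantee, findings


if __name__ == "__main__":
    print(*[f"server.xml connector {p}: {m}" for p, m in lint_server_xml(SERVER_XML)], sep="\n")
    print(*[f"web.xml: {m}" for m in lint_web_xml(WEB_XML)[1]], sep="\n")
```

Run it as-is to see the findings for the constructed samples (the 8443 connector collects four, the 8080 connector one, the pinned 9443 connector none); to lint a real deployment, replace the two embedded strings with the contents of conf/server.xml and the application's WEB-INF/web.xml.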
