tomcat 支持单向https

先做证书.做好之后
修改server.xml <Connector port="80"
connectionTimeout="20000"
protocol="org.apache.coyote.http11.Http11NioProtocol"
URIEncoding="UTF-8" acceptCount="1100"
disableUploadTimeout="true"
maxSpareThreads="500" maxThreads="1000" minSpareThreads="250"
redirectPort="443" />

  <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />

 <Connector SSLEnabled="true" clientAuth="false" keystoreFile="证书文件" keystorePass="证书密码" maxThreads="150" port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLS"/> 


这个时候应用还不是强制走https ,也就是说 https 和 http都能访问
修改应用的web.xml 根据你的实际情况来

<login-config>
Authorization setting for SSL
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
Authorization setting for SSL
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>