Tomcat 多证书多域名配置必须使用 Tomcat 8.5 及以上版本。
配置server.xml
XML
<?xml version='1.0' encoding='utf-8'?>
<!-- Tomcat 8.5 server.xml: one HTTPS connector serves two certificates, selected by SNI (one SSLHostConfig per hostname). -->
<!-- Shutdown port: "SHUTDOWN" is the stock command string. It binds to localhost by default, but consider a custom string, or port="-1" if the shutdown port is not used. -->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- With SSLEngine="on" and the Tomcat Native library installed, the NIO connector below may use the OpenSSL TLS implementation instead of JSSE; without the native library this listener does nothing. TODO confirm which implementation is active, it changes how cipher names and ALPN are handled. -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- UserDatabase backs the UserDatabaseRealm below; accounts are read from conf/tomcat-users.xml. -->
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<!-- Plain HTTP on port 80. redirectPort="443" is used only when a web.xml security constraint requires a confidential transport; it does not redirect every request to HTTPS. -->
<!-- maxPostSize="-1" removes the request-body size limit and maxHttpHeaderSize is about 100 KB (default 8192); both increase the memory one client can tie up, so size them to real needs. -->
<Connector port="80" protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="8000"
redirectPort="443"
maxPostSize="-1" maxHttpHeaderSize ="102400" />
<!-- HTTPS connector. defaultSSLHostConfigName must name one of the SSLHostConfig elements below; that config is used when the client sends no SNI name or an unknown one. -->
<!-- No protocols attribute is set, so the Tomcat default applies; pinning it (e.g. protocols="TLSv1.2+TLSv1.3", where the runtime supports it) is a common hardening step. -->
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="443" SSLEnabled="true" defaultSSLHostConfigName="domain1.cn"
connectionTimeout="8000">
<!-- Enables HTTP/2 (negotiated via ALPN) on this connector. Multi-domain TLS comes from the SSLHostConfig elements below, not from this element. -->
<!-- ALPN needs a JVM that supports it (Java 9+ or a late Java 8 update) or the Tomcat Native/OpenSSL path; TODO confirm on the target runtime. -->
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<!-- Per-hostname TLS settings, chosen by SNI. The cipher list mixes ECDHE suites with TLS_RSA_* suites that provide no forward secrecy, and every entry is a CBC suite with no GCM or TLS 1.3 entries; review it against current guidance. -->
<!-- The line break inside this attribute value is normalized to a space by the XML parser; assumes Tomcat trims each entry, TODO confirm via the startup log that no cipher name is rejected. -->
<SSLHostConfig hostName="domain1.cn" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256">
<!-- Keystore path and password are stored in clear text here; restrict read access to server.xml to the Tomcat service account. type="RSA" selects the key type expected in the keystore. -->
<Certificate certificateKeystoreFile="D:/apache-tomcat-8.5.100/cert/jks/domain1.cn.jks"
certificateKeystorePassword="password1" type="RSA"/>
</SSLHostConfig>
<!-- Second hostname: same cipher list and the same caveats as the first SSLHostConfig. -->
<SSLHostConfig hostName="domain2.cn" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256">
<Certificate certificateKeystoreFile="D:/apache-tomcat-8.5.100/cert/jks/domain2.cn.jks"
certificateKeystorePassword="password2"
type="RSA"/>
</SSLHostConfig>
</Connector>
<!-- AJP connector. secretRequired="" is an empty string, which the boolean setter presumably reads as false, i.e. no shared secret is required. Make the intent explicit with secretRequired="true" secret="CHANGE_ME_PLACEHOLDER" and an address attribute, or remove this connector if no reverse proxy speaks AJP. -->
<!-- Recent 8.5 releases bind AJP to loopback by default; TODO confirm that 8009 is not reachable from outside the host. -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="9443" secretRequired=""/>
<!-- defaultHost must match a Host name below; requests whose Host header matches no Host name or Alias are routed to it. -->
<Engine name="Catalina" defaultHost="domain1.cn">
<!-- LockOutRealm throttles repeated failed logins against the wrapped UserDatabaseRealm. -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<!-- One Host serving both domains. autoDeploy="true" with unpackWARs="true" deploys anything placed in appBase (webapps) at runtime; in production keep that directory unwritable by untrusted users or turn autoDeploy off. -->
<Host name="domain1.cn" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- The alias equal to the Host name is redundant (the name already matches); only domain2.cn adds a mapping. -->
<Alias>domain1.cn</Alias>
<Alias>domain2.cn</Alias>
<!-- reloadable="true" watches classes for changes (a development setting that costs CPU in production). crossContext="true" lets this app reach other contexts through ServletContext.getContext(); disable it unless the app needs that. -->
<!-- Tomcat documentation recommends putting Context definitions in conf/Catalina/[host]/ROOT.xml rather than server.xml, so they can change without a restart. -->
<Context path="" docBase="d:/www/project1" reloadable="true" crossContext="true" ></Context>
</Host>
</Engine>
</Service>
</Server>
关键点说明:
1. defaultSSLHostConfigName 属性是必需的：不设置时找不到默认的 SSLHostConfig，启动会报错。
XML
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="443" SSLEnabled="true" defaultSSLHostConfigName="domain1.cn"
connectionTimeout="8000">
2.表示开启多域名支持
XML
<!-- Enables HTTP/2 on the enclosing connector. SNI-based multi-domain support comes from the SSLHostConfig elements, not from this element. -->
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
3. Alias 是多域名别名配置，用于同一个项目对应多个域名的情况。
XML
<!-- One Host, two hostnames: the Host header is matched against name and every Alias. The alias equal to the Host name is redundant. -->
<Host name="domain1.cn" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Alias>domain1.cn</Alias>
<Alias>domain2.cn</Alias>
<!-- reloadable and crossContext are convenience settings; both are usually turned off in production unless the application needs them. -->
<Context path="" docBase="d:/www/project1" reloadable="true" crossContext="true" ></Context>
</Host>
如果是多个项目对应多个域名，配置多个 <Host> 节点即可。
XML
<!-- One Host per project. The HTTP Host header selects the Host, while the certificate is selected separately by SNI via SSLHostConfig hostName; keep the two lists in sync. -->
<Host name="domain1.cn" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Context path="" docBase="d:/www/project1" reloadable="true" crossContext="true" ></Context>
</Host>
<Host name="domain2.cn" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- Both Hosts share appBase="webapps", so anything auto-deployed into that directory would appear under both hostnames; use separate appBase directories if the projects must not share deployments. -->
<Context path="" docBase="d:/www/project2" reloadable="true" crossContext="true" ></Context>
</Host>
各参数的属性可参考官方文档:
Apache Tomcat 8 Configuration Reference (8.5.100) - The HTTP Connector