Serving multiple certificates for multiple domains on one Tomcat connector (SNI) requires Tomcat 8.5 or later.
Configure server.xml:
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector port="80" protocol="org.apache.coyote.http11.Http11NioProtocol"
               connectionTimeout="8000" redirectPort="443"
               maxPostSize="-1" maxHttpHeaderSize="102400" />
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="443"
               SSLEnabled="true" defaultSSLHostConfigName="domain1.cn"
               connectionTimeout="8000">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
      <SSLHostConfig hostName="domain1.cn"
                     ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256">
        <Certificate certificateKeystoreFile="D:/apache-tomcat-8.5.100/cert/jks/domain1.cn.jks"
                     certificateKeystorePassword="password1" type="RSA" />
      </SSLHostConfig>
      <SSLHostConfig hostName="domain2.cn"
                     ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256">
        <Certificate certificateKeystoreFile="D:/apache-tomcat-8.5.100/cert/jks/domain2.cn.jks"
                     certificateKeystorePassword="password2" type="RSA" />
      </SSLHostConfig>
    </Connector>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="9443" secretRequired="" />
    <Engine name="Catalina" defaultHost="domain1.cn">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase" />
      </Realm>
      <Host name="domain1.cn" appBase="webapps" unpackWARs="true" autoDeploy="true">
        <Alias>domain1.cn</Alias>
        <Alias>domain2.cn</Alias>
        <Context path="" docBase="d:/www/project1" reloadable="true" crossContext="true"></Context>
      </Host>
    </Engine>
  </Service>
</Server>
Key points:
1. The defaultSSLHostConfigName attribute is required; if it is not set, Tomcat reports an error for the default SSL host configuration.
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="443" SSLEnabled="true" defaultSSLHostConfigName="domain1.cn" connectionTimeout="8000">
2. This enables multi-domain support:
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
3. Alias configures additional domain names for a Host; this is the setup for one project served under several domains.
<Host name="domain1.cn" appBase="webapps" unpackWARs="true" autoDeploy="true"><Alias>domain1.cn</Alias><Alias>domain2.cn</Alias><Context path="" docBase="d:/www/project1" reloadable="true" crossContext="true"></Context></Host>
For several projects on several domains, configure one <Host> node per project instead:
<Host name="domain1.cn" appBase="webapps" unpackWARs="true" autoDeploy="true"><Context path="" docBase="d:/www/project1" reloadable="true" crossContext="true"></Context></Host>
<Host name="domain2.cn" appBase="webapps" unpackWARs="true" autoDeploy="true"><Context path="" docBase="d:/www/project2" reloadable="true" crossContext="true"></Context></Host>
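A consistency check for points 1 and 3, added here as an example (not code from the original post): it parses a trimmed, constructed server.xml and flags a defaultSSLHostConfigName that matches no SSLHostConfig, and any Host name or Alias that has no SSLHostConfig of its own and would therefore be served the default certificate. Element and attribute names are Tomcat's; the sample domains and keystore paths are constructed.

```python
# Added example, not from the original post: consistency check for the SNI
# parts of a Tomcat 8.5 server.xml. The sample config below is constructed.
import xml.etree.ElementTree as ET
SAMPLE_SERVER_XML = """<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="443" SSLEnabled="true" defaultSSLHostConfigName="domain1.cn">
      <SSLHostConfig hostName="domain1.cn">
        <Certificate certificateKeystoreFile="cert/jks/domain1.cn.jks" type="RSA"/>
      </SSLHostConfig>
      <SSLHostConfig hostName="domain2.cn">
        <Certificate certificateKeystoreFile="cert/jks/domain2.cn.jks" type="RSA"/>
      </SSLHostConfig>
    </Connector>
    <Engine name="Catalina" defaultHost="domain1.cn">
      <Host name="domain1.cn" appBase="webapps">
        <Alias>domain2.cn</Alias>
        <Alias>domain3.cn</Alias>
      </Host>
    </Engine>
  </Service>
</Server>
"""  # domain3.cn deliberately has no SSLHostConfig so the check finds something

def check_sni_config(xml_text):
    """Return a list of problems; an empty list means the SNI config is consistent."""
    root = ET.fromstring(xml_text)
    problems, sni_names = [], set()
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        names = {c.get("hostName", "_default_") for c in conn.findall("SSLHostConfig")}
        sni_names |= names
        # Both attributes default to "_default_" in Tomcat; the connector's
        # default name must match one of its SSLHostConfig elements.
        default = conn.get("defaultSSLHostConfigName", "_default_")
        if default not in names:
            problems.append(f"port {conn.get('port')}: defaultSSLHostConfigName "
                            f"{default!r} matches no SSLHostConfig hostName")
    # A Host name or Alias without its own SSLHostConfig is served the default
    # certificate, which fails hostname checks unless that cert covers the name.
    served = set()
    for host in root.iter("Host"):
        served.add(host.get("name"))
        served.update(a.text.strip() for a in host.findall("Alias") if a.text)
    for name in sorted(served - sni_names):
        problems.append(f"{name}: no SSLHostConfig, default certificate would be sent")
    return problems
```

Run it against a real server.xml by passing the file contents to check_sni_config; it only reads the configuration and never touches the keystores.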
The attributes are documented in the official reference:
Apache Tomcat 8 Configuration Reference (8.5.100) - The HTTP Connector