hasalex/create-cert.sh

## create-cert.sh
# Commun pour le connecteur APR et les connecteurs classiques
openssl req -newkey 2048 -nodes -keyout conf/tomcat.key -x509 -days 365 -out conf/tomcat.crt -config conf/openssl.cnf

# Inutile pour le connecteur APR
openssl pkcs12 -inkey conf/tomcat.key -in conf/tomcat.crt -export -out conf/tomcat.pfx

## openssl.crt
[req]
prompt = no
distinguished_name = req_distinguished_name

[req_distinguished_name]
C = FR
L = Nullpar
O = JTips
CN = localhost

## tomcat9-http2-server.xml
<?xml version="1.0" encoding="UTF-8"?>
<Server port="-1">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <Service name="Catalina">

    <Connector port="8542" SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11AprProtocol">
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateFile="conf/tomcat.crt" certificateKeyFile="conf/tomcat.key"/>
        </SSLHostConfig>
    </Connector>

    <Connector port="8543" SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation">
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/tomcat.pfx" certificateKeystorePassword="tomcat"/>
        </SSLHostConfig>
    </Connector>

    <Connector port="8544" SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation">
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/tomcat.pfx" certificateKeystorePassword="tomcat"/>
        </SSLHostConfig>
    </Connector>

    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>
	# Commun pour le connecteur APR et les connecteurs classiques
	openssl req -newkey 2048 -nodes -keyout conf/tomcat.key -x509 -days 365 -out conf/tomcat.crt -config conf/openssl.cnf

	# Inutile pour le connecteur APR
	openssl pkcs12 -inkey conf/tomcat.key -in conf/tomcat.crt -export -out conf/tomcat.pfx
	[req]
	prompt = no
	distinguished_name = req_distinguished_name

	[req_distinguished_name]
	C = FR
	L = Nullpar
	O = JTips
	CN = localhost
	<?xml version="1.0" encoding="UTF-8"?>
	<Server port="-1">
	<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
	<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
	<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
	<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
	<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

	<GlobalNamingResources>
	<Resource name="UserDatabase" auth="Container"
	type="org.apache.catalina.UserDatabase"
	description="User database that can be updated and saved"
	factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
	pathname="conf/tomcat-users.xml" />
	</GlobalNamingResources>
	<Service name="Catalina">

	<Connector port="8542" SSLEnabled="true"
	protocol="org.apache.coyote.http11.Http11AprProtocol">
	<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
	<SSLHostConfig>
	<Certificate certificateFile="conf/tomcat.crt" certificateKeyFile="conf/tomcat.key"/>
	</SSLHostConfig>
	</Connector>

	<Connector port="8543" SSLEnabled="true"
	protocol="org.apache.coyote.http11.Http11NioProtocol"
	sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation">
	<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
	<SSLHostConfig>
	<Certificate certificateKeystoreFile="conf/tomcat.pfx" certificateKeystorePassword="tomcat"/>
	</SSLHostConfig>
	</Connector>

	<Connector port="8544" SSLEnabled="true"
	protocol="org.apache.coyote.http11.Http11NioProtocol"
	sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation">
	<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
	<SSLHostConfig>
	<Certificate certificateKeystoreFile="conf/tomcat.pfx" certificateKeystorePassword="tomcat"/>
	</SSLHostConfig>
	</Connector>

	<Engine name="Catalina" defaultHost="localhost">
	<Realm className="org.apache.catalina.realm.LockOutRealm">
	<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
	resourceName="UserDatabase"/>
	</Realm>

	<Host name="localhost" appBase="webapps"
	unpackWARs="true" autoDeploy="true">
	<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
	prefix="localhost_access_log" suffix=".txt"
	pattern="%h %l %u %t "%r" %s %b" />

	</Host>
	</Engine>
	</Service>
	</Server>