@humbertodias
Last active February 26, 2018 15:17
Tomcat 9 configuration, with HTTP/2
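# Run inside the conf folder of tomcat9. Stop if the directory cannot be
# entered, so the private key is never written somewhere unintended.
cd "$TOMCAT_HOME9/conf" || exit 1
# -nodes below writes the private key unencrypted, so keep the files created
# here readable by the owner only. Run this as the account Tomcat runs under,
# otherwise Tomcat will not be able to read the key or the keystore.
umask 077
# Common for the APR connector and conventional connectors.
# Produces a self-signed certificate valid for 365 days; clients will not
# trust it by default, so treat it as a local-testing certificate.
openssl req -newkey rsa:2048 -nodes -keyout tomcat.key -x509 -days 365 -out tomcat.crt
# Not useful for the APR connector.
# Bundles key and certificate into a PKCS#12 keystore. openssl prompts for an
# export password; it has to match certificateKeystorePassword in server.xml.
openssl pkcs12 -inkey tomcat.key -in tomcat.crt -export -out tomcat.pfx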
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Tomcat 9 server.xml serving HTTPS with HTTP/2 on port 8543.
  The active connector uses NIO with the JSSE TLS implementation and reads
  its key material from conf/tomcat.pfx. Two alternative connectors (APR on
  8542, NIO with the OpenSSL implementation on 8544) are kept commented out.
-->
<!--
  Port 8005 is the shutdown listener. No shutdown attribute is set here, so
  Tomcat's default command string applies; keep this port unreachable for
  anything other than the administrator of this host.
-->
<Server port="8005">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Initialises the APR/native library when it is installed; the
       commented-out APR and OpenSSL connectors below depend on it. -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <!-- File-backed user database; conf/tomcat-users.xml holds the accounts
         and roles, so it deserves the same file permissions as this file. -->
    <Resource name="UserDatabase"
              auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <!-- Alternative (disabled): APR connector on 8542, reading the PEM
         certificate and the unencrypted key file directly. -->
    <!-- <Connector port="8542" SSLEnabled="true"
                    protocol="org.apache.coyote.http11.Http11AprProtocol">
           <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
           <SSLHostConfig>
             <Certificate certificateFile="conf/tomcat.crt" certificateKeyFile="conf/tomcat.key"/>
           </SSLHostConfig>
         </Connector> -->

    <!-- Active connector: NIO + JSSE, HTTP/2 enabled through UpgradeProtocol.
         No protocols or ciphers are set on SSLHostConfig, so the TLS versions
         and cipher suites are whatever Tomcat and the JVM default to. -->
    <Connector port="8543"
               SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
      <SSLHostConfig>
        <!-- The keystore password is stored here in clear text and "tomcat"
             is a guessable sample value. It must equal the export password
             chosen when conf/tomcat.pfx was created. Outside local testing,
             pick a strong password and restrict read access to this file and
             to the keystore.
             NOTE(review): no certificateKeystoreType is given although the
             file is PKCS#12; if the keystore fails to load, setting
             certificateKeystoreType="PKCS12" is the thing to try. -->
        <Certificate certificateKeystoreFile="conf/tomcat.pfx"
                     certificateKeystorePassword="tomcat"/>
      </SSLHostConfig>
    </Connector>

    <!-- Alternative (disabled): NIO connector on 8544 using the OpenSSL TLS
         implementation with the same keystore and password. -->
    <!-- <Connector port="8544" SSLEnabled="true"
                    protocol="org.apache.coyote.http11.Http11NioProtocol"
                    sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation">
           <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
           <SSLHostConfig>
             <Certificate certificateKeystoreFile="conf/tomcat.pfx" certificateKeystorePassword="tomcat"/>
           </SSLHostConfig>
         </Connector> -->

    <Engine name="Catalina" defaultHost="localhost">
      <!-- LockOutRealm wraps the user database realm and locks an account
           after repeated failed logins, which slows password guessing. -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <!-- autoDeploy="true" deploys whatever appears in webapps while Tomcat
           is running. Handy for development; on a shared or production host
           limit write access to appBase or turn autoDeploy off. -->
      <Host name="localhost"
            appBase="webapps"
            unpackWARs="true"
            autoDeploy="true">
        <!-- Access log: remote host, user, timestamp, request line, status
             and bytes sent, written to logs/localhost_access_log*.txt. -->
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs"
               prefix="localhost_access_log"
               suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>
humbertodias commented Feb 25, 2018

  1. Download and Install
    Java9 and Tomcat9
    http://www.oracle.com/technetwork/java/javase/downloads/jdk9-downloads-3848520.html
    https://tomcat.apache.org/download-90.cgi#9.0.5

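  2. Create certificate
    create-cert.sh
    (when openssl asks for the export password, enter the same value as certificateKeystorePassword in server.xml)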

  3. Replace server.xml
    $TOMCAT_HOME/conf/server.xml

  4. Finally
    bin/startup.sh

Access
https://localhost:8543
(the certificate is self-signed, so the browser will show a trust warning)

tomcat9-http2
