2. Modify conf/server.xml
<Service name="Catalina">
.....
<Connector protocol="org.apache.coyote.http11.Http11AprProtocol" port="8443" SSLEnabled="true" connectionTimeout="20000" SSLCertificateFile="SSL.cer" SSLCertificateKeyFile="SSL.key" SSLCACertificateFile="CA.cer" SSLCertificateChainFile="CAChain.cer" maxThreads="150" scheme="https" SSLVerifyClient="require" SSLProtocol="TLSv1" SSLCARevocationFile="crl.pem" SSLVerifyDepth="2" />
.....
</Service>
remark:
All certificate file should be in PEM format
SSK.key should have no password
crl.pem should be used to block revoked certificate