certs=(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate"); 這段永遠(yuǎn)都是null不知道是哪里問(wèn)題？nginx？還是tomcat？ 網(wǎng)上搜索了不少信息，但是都沒(méi)有解決，有人直接用tomcat來(lái)當(dāng)https服務(wù)器是可以解決，但是我真不想那么做 nginx用http和https打開(kāi)tomcat的頁(yè)面都正確了，并且也彈出了證書(shū)選擇的對(duì)話框，但是服務(wù)端就是不能獲取客戶端的認(rèn)證證書(shū)信息 這段是NGINX的配置文件的 http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } } upstream tomcat { server 192.168.2.114:8080 fail_timeout=0; } # HTTPS server # server { listen 443 ssl; server_name localhost; ssl_certificate d:/ssl/server.crt; ssl_certificate_key d:/ssl/server.key; ssl_client_certificate d:/ssl/ca.crt; ssl on; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_verify_client on; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { # note, there is not SSL here! plain HTTP is used client_max_body_size 16m; client_body_buffer_size 128k; proxy_pass http://tomcat/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_next_upstream off; proxy_connect_timeout 30; proxy_read_timeout 300; proxy_send_timeout 300; } } } 這段是tomcat的 <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" scheme="https" proxyName="192.168.2.114" proxyPort="443" /> <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto"/>