certs=(X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate"); 这段永远都是null不知道是哪里问题？nginx？还是tomcat？ 网上搜索了不少信息，但是都没有解决，有人直接用tomcat来当https服务器是可以解决，但是我真不想那么做 nginx用http和https打开tomcat的页面都正确了，并且也弹出了证书选择的对话框，但是服务端就是不能获取客户端的认证证书信息 这段是NGINX的配置文件的 http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } } upstream tomcat { server 192.168.2.114:8080 fail_timeout=0; } # HTTPS server # server { listen 443 ssl; server_name localhost; ssl_certificate d:/ssl/server.crt; ssl_certificate_key d:/ssl/server.key; ssl_client_certificate d:/ssl/ca.crt; ssl on; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_verify_client on; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { # note, there is not SSL here! plain HTTP is used client_max_body_size 16m; client_body_buffer_size 128k; proxy_pass http://tomcat/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_next_upstream off; proxy_connect_timeout 30; proxy_read_timeout 300; proxy_send_timeout 300; } } } 这段是tomcat的 <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" scheme="https" proxyName="192.168.2.114" proxyPort="443" /> <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto"/>