HTTPS

Run on application server:

openssl genrsa -out confKey.key 2048 -sha256

openssl req -new -key confKey.key -out confReq.csr

Send confReq.csr to CA

Take caReply.cer to server

openssl pkcs12 -export -out key.pfx -inkey confKey.key -in caReply.cer

keytool -importkeystore -srckeystore key.pfx -srcstoretype pkcs12 -destkeystore myKey.jks -deststoretype JKS

On server.xml file:

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="changeit" keystoreFile="/path/to/myKey.jks"/>

Restart confluence

Change base url

You'll need to decide on what route you want to take first.  You can either try to run Confluence's Tomcat with SSL, or take the recommended route of setting up a simple reverse proxy that handles all the SSL stuff.  (There are other routes, but these are more than a little unusual, and I'm only really familiar with the 97% of cases that go with a proxy).

Do you have a preference?  If so, and it's a proxy, which web server would you choose as the proxy?  (Nginx, Apache, Lighttpd etc)