Fixing error code: ssl_error_no_cypher_overlap on Tomcat 8

Time: 2015-09-15 10:11:03

Tags: tomcat ssl ssl-certificate tomcat8

I have a cheap SSL certificate that I want to configure with Tomcat 8.0.26.

I ran these commands on Linux to create the keystore:

[root@ cert]# keytool -import -alias root -keystore tomcat.jks -trustcacerts -file AddTrustExternalCARoot.crt
Enter keystore password:
Re-enter new password:
Certificate already exists in system-wide CA keystore under alias <addtrustexternalroot>
Do you still want to add it to your own keystore? [no]:  yes
Certificate was added to keystore
[root@ cert]# keytool -import -alias intermediate1 -keystore tomcat.jks -trustcacerts -file COMODORSAAddTrustCA.crt
Enter keystore password:
Certificate was added to keystore
[root@ cert]# keytool -import -alias intermediate2 -keystore tomcat.jks -trustcacerts -file COMODORSADomainValidationSecureServerCA.crt
Enter keystore password:
Certificate was added to keystore
[root@ cert]# keytool -import -alias tomcat -keystore tomcat.jks -trustcacerts -file www_some_domain_com.crt
Enter keystore password:
Certificate was added to keystore
[root@ip-172-31-28-148 cert]#

I updated server.xml:

<Connector port="8443" protocol="HTTP/1.1"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/opt/apache-tomcat-8.0.26/cert/tomcat.jks"
               keystorePass="pass"
               sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
               clientAuth="false" sslProtocol="TLS" />

I updated web.xml to redirect SSL connections:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Entire Application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

But when I open the web page, I get:

An error occurred during a connection to some_domain.com:8443. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

Do you know where my mistake is? I also tried without sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1", but with no result.
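
A check that fits the keystore procedure in the question, as an added example that is not part of the original post: a TLS server needs a PrivateKeyEntry (private key plus certificate chain) in its keystore, while `keytool -import` of certificates into a new keystore creates only trustedCertEntry entries. The function names and the sample listing (constructed to mirror the four imports above, with made-up dates) are assumptions.

```shell
#!/bin/sh
# Added example: classify an alias from `keytool -list` output.
# Real use (keytool prompts for the keystore password):
#   keytool -list -keystore tomcat.jks | entry_type tomcat

# Print the entry type keytool reports for alias $1; the listing is read on stdin.
# Listing lines look like: "alias, Sep 15, 2015, trustedCertEntry,"
entry_type() {
    awk -F', *' -v a="$1" '
        $1 == a {
            # the last non-empty comma-separated field is the entry type
            n = NF
            while (n > 1 && $n == "") n--
            print $n
            found = 1
            exit
        }
        END { if (!found) print "missing" }
    '
}

# Return 0 only if alias $1 holds a private key with its certificate chain,
# which the server needs before it can offer certificate-based cipher suites.
has_server_key() {
    [ "$(entry_type "$1")" = "PrivateKeyEntry" ]
}

# Constructed sample: what a keystore built only from the four imports would list.
# Fingerprint lines are omitted.
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 4 entries

root, Sep 15, 2015, trustedCertEntry,
intermediate1, Sep 15, 2015, trustedCertEntry,
intermediate2, Sep 15, 2015, trustedCertEntry,
tomcat, Sep 15, 2015, trustedCertEntry,
EOF
}

if sample_listing | has_server_key tomcat; then
    echo "tomcat: PrivateKeyEntry, usable as the connector's server key"
else
    echo "tomcat: $(sample_listing | entry_type tomcat), no private key for the connector"
fi
```
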

0 answers:

No answers