我收到了公司的证书和私钥,我用以下的commanfs创建了一个密钥库:
openssl pkcs12 -export -in myCert.pem -inkey myKey.key -certfile myCert.pem -out mykeystore.p12
keytool -importkeystore -srckeystore mykeystore.p12 -srcstoretype pkcs12 -destkeystore mykeystore.jks -deststoretype JKS
然后我编辑了我的tomcat server.xml connector标记,如下所示:
<Connector server="HTTPS"
address="10.233.29.135"
port="11033"
protocol="HTTP/1.1"
SSLEnabled ="true"
sslProtocol ="TLS"
acceptCount="2000"
maxThreads="150"
minSpareThreads="10"
maxPostSize="10240"
maxHttpHeaderSize="8192"
connectionTimeout="20000"
scheme="https"
secure="true"
clientAuth="false"
enableLookups="false"
keystoreFile="conf/mykeystore.jks"
keystorePass="myPass"
ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256"
sslEnabledProtocols="TLSv1.2,TLSv1.1"
allowTrace="false"
xpoweredBy="false"
URIEncoding="UTF-8" />
现在问题是当我在firefox中打开网站时出现以下错误:
Secure Connection Failed
An error occurred during a connection to 10.233.29.135:11032.
SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
有人可以帮我找到问题。
*注意:我正在使用本地服务器并使用IP地址访问网站但是为* .someDomain.com生成证书,所以我想知道我应该得到我得到的错误或它与我犯的其他一些错误有关。