Tomcat SSL Configuration

Submitted by 心已入冬 on 2019-12-23 03:32:12

Question


I received a SSL cert to use for a Tomcat 6.0 server, ready to use.

I configured Tomcat to use it with the following in server.xml:

<Connector 
    port="8443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="C:\Tomcat 6.0\ssl\cert" keystorePass="*****"
    clientAuth="false" sslProtocol="TLS"/>

I started Tomcat using the command prompt so I could see any error message as they happened. There were none.

The results for accessing different URLs:

  • http://localhost -> normal page loads fine
  • https://localhost -> browser claims page cannot be found
  • https://localhost:8443 -> page cannot be found
  • http://localhost:8443 -> offers a certificate, after accepted redirects to https://localhost (I suspect the https:// urls initially offer the certificate which is automatically accepted by the browser, as it was issued by Verisign)

How to fix?

Edit: I've also tried port="443". Same result.


Answer 1:


Do you require SSL on both 8443 and 443?

If all you need is 443 (the standard HTTP port), you can simply change the port="8443" to "443" and https:// URLs should work fine.

EDIT: OK, so if you've made the change and bounced tomcat and it's still listening on 8443 then there must be another connector specified which is listening on 8443.

Here's my connector configuration from my server.xml

<Connector 
    port="8080" 
    redirectPort="443" 
    maxSpareThreads="75" 
    maxThreads="150" 
    minSpareThreads="25" 
    compression="on" 
    compressionMinSize="2048" 
    noCompressionUserAgents="gozilla, traviata" 
    compressableMimeType="text/html,text/xml,text/javascript,application/xml">
</Connector>


<Connector 
    port="443" 
    minProcessors="5" 
    maxProcessors="75" 
    keystorePass="*****" 
    enableLookups="true" 
    disableUploadTimeout="true" 
    acceptCount="100" 
    debug="0" 
    scheme="https" 
    secure="true" 
    clientAuth="false" 
    sslProtocol="TLS" 
    compression="on" 
    compressionMinSize="2048" 
    noCompressionUserAgents="gozilla, traviata" 
    compressableMimeType="text/html,text/xml,text/javascript,application/xml">
</Connector>

That results in traffic coming in on 8080 being (internally) redirected to the connector on port 443. Traffic from 443 doesn't have any redirect directive.

I'd do a grep of your configurations for 8443 to make sure another one hasn't sneaked in somewhere.
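The check suggested above (looking for a second connector that has "sneaked in" on the same port, and making sure every redirectPort actually points at an SSL-enabled connector) can be automated by parsing server.xml instead of grepping it. The script below is an added illustration, not code from the original answer; the sample server.xml it audits is constructed to reproduce the situation in the question (the asker's SSL connector on 8443, a leftover plain connector on the same port, and an AJP connector redirecting to 443 where nothing listens).

```python
"""Audit the <Connector> elements of a Tomcat server.xml for port clashes
and redirectPort targets that have no SSL-enabled connector behind them.
Added example; the sample configuration below is constructed."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample server.xml (hypothetical, not the asker's real file).
SAMPLE_SERVER_XML = r"""
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"
               keystoreFile="C:\Tomcat 6.0\ssl\cert" keystorePass="*****"
               clientAuth="false" sslProtocol="TLS"/>
    <Connector port="8443" protocol="HTTP/1.1"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
    <Engine name="Catalina" defaultHost="localhost"/>
  </Service>
</Server>
"""


def list_connectors(server_xml):
    """Return one dict per <Connector> with the attributes the audit needs."""
    root = ET.fromstring(server_xml)
    connectors = []
    for c in root.iter("Connector"):
        redirect = c.get("redirectPort")
        connectors.append({
            "port": int(c.get("port")),
            "ssl": c.get("SSLEnabled", "false").lower() == "true",
            "redirectPort": int(redirect) if redirect else None,
            "keystoreFile": c.get("keystoreFile"),
        })
    return connectors


def audit_connectors(server_xml):
    """Return a list of findings as strings; an empty list means no issues."""
    findings = []
    connectors = list_connectors(server_xml)
    by_port = defaultdict(list)
    for c in connectors:
        by_port[c["port"]].append(c)

    # 1. Two connectors on one port: only the first can bind the socket,
    #    so the second one (possibly the SSL one) silently loses.
    for port, cs in sorted(by_port.items()):
        if len(cs) > 1:
            findings.append(f"port {port} is declared by {len(cs)} connectors")

    # 2. Every redirectPort should name a port where an SSLEnabled
    #    connector really listens; otherwise confidential redirects fail.
    for c in connectors:
        target = c["redirectPort"]
        if target is None:
            continue
        if not any(t["ssl"] for t in by_port.get(target, [])):
            findings.append(
                f"connector on {c['port']} redirects to {target}, "
                f"but no SSLEnabled connector listens there")

    # 3. An SSL connector without keystoreFile falls back to the default
    #    keystore in the user's home directory, which is rarely intended.
    for c in connectors:
        if c["ssl"] and not c["keystoreFile"]:
            findings.append(
                f"SSL connector on {c['port']} sets no keystoreFile "
                f"(Tomcat will look for the default keystore)")
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML) or ["no issues found"]:
        print(finding)
```

Run it against the real file with `audit_connectors(open("conf/server.xml").read())`; on the constructed sample it reports the duplicate 8443 connector and the AJP redirect to an unused 443, which are exactly the two misconfigurations this answer tells the asker to look for.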




Answer 2:


It looks like you referenced a cert file in the keystoreFile attribute... if that file is actually a cert file you should use something like this

SSLCertificateFile="C:\Tomcat 6.0\ssl\cert"

... if that is correct (that the file is a cert) then you will also need a key, for example:

SSLCertificateKeyFile="C:\Tomcat 6.0\ssl\cert.key"

If you have intermediate certs that you need in the CA chain, add:

SSLCertificateChainFile=


Source: https://stackoverflow.com/questions/7898748/tomcat-ssl-configuration
