在 tomcat 7.0 中配置 tomcat 以支持 ssl 的问题

Question

为了在 tomcat 中支持 ssl....我制作了一个 Keystore 文件。包含自签名证书.....然后打开tomcat 7.0的server.xml文件并在server.xml中找到此代码

`     <!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->

     <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" /> -->    ` 

并从连接器中删除注释并将 KeystoreFile 条目和 KeystorePass 条目放入未注释的连接器代码中，如下所示............

`    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
      maxThreads="150" scheme="https" secure="true"
      clientAuth="false" sslProtocol="TLS" **keystoreFile**="d:\cpademo.keystore"
     **keystorePass**="cpademo"/>      `

The above code works in tomcat 6.0...and allow https connection with tomcat but i get the error in tomcat 7.0 log file which indicate that it does not suppoert connection to https 8443 connection. Error in log file is following as.....

ERROR:

SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-ap
r-8443"]
java.lang.Exception: Connector attribute SSLCertificateFile must be defined when
using SSL with APR
    at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:484)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:554)

请帮我解决这个问题。提前感谢

Answer 1

你必须把protocol从

protocol="HTTP/1.1"

到

protocol="org.apache.coyote.http11.Http11NioProtocol"

这是一篇好文章 http://java.dzone.com/articles/setting-ssl-tomcat-5-minutes

mkyong 的文章已经过时，缺少我上面提出的更改。

Answer 2

您正在使用 APR/native 连接器和 JSSE 连接器（BIO 和 NIO）的 SSL 配置。最简单的解决方法是在 server.xml 中注释掉 APR 生命周期侦听器。