我按照本教程在 tomcat 中启用 ssl:https://medium.com/@raupach/how-to-install-lets-encrypt-with-tomcat-3db8a469e3d2
虽然tomcat最后运行了,但我无法访问https,说无法连接。所以我检查了日志,我得到:
Caused by: java.io.IOException: SSLHostConfig attribute certificateFile must be defined when using an SSL connector
,但我的certificateFile 的定义如您所见:
<Connector port="443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="100"
compression="on"
scheme="https"
SSLEnabled="true"
secure="true"
SSLVerifyClient="none"
SSLProtocol="TLSv1.2"
defaultSSLHostConfigName="test.test">
<SSLHostConfig hostName="test.test">
<Certificate certificateFile="conf/cert.pem" certificateKeyFile="conf/privkey.pem" certificateChainFile="conf/chain.pem" />
</SSLHostConfig>
</Connector>
这些文件存在于conf/
中tomcat 9 文档:https://tomcat.apache.org/tomcat-9.0-doc/config/http.htmlSSLHostConfig 和证书部分
您混合使用了新属性(自 Tomcat 8.5 起)和已弃用的属性(参见 Tomcat 文档)。设置的效果,例如
SSLProtocol<SSLHostConfig>_default_您应该将过时的标签(
SSLVerifyClientSSLProtocol<Connector port="443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="100"
compression="on"
scheme="https"
SSLEnabled="true"
secure="true"
defaultSSLHostConfigName="test.test">
<SSLHostConfig hostName="test.test"
protocols="TLSv1.2">
<Certificate certificateFile="conf/cert.pem"
certificateKeyFile="conf/privkey.pem"
certificateChainFile="conf/chain.pem" />
</SSLHostConfig>
</Connector>
备注: 您使用的属性特定于 APR 连接器。如果该选择是有意为之,您应该将协议更改为
org.apache.coyote.http11.Http11AprProtocol要手动管理密码,您可以添加
ciphers<SSLHostConfig ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
protocols="TLSv1.2">