Summary of problems encountered in configuring the startssl Certificate in Tomcat 7 in Linux

After the certificate is applied, an error is reported when you configure it to start Tomcat (under windwos ).

Connector attribute SSLCertificateFile must be defined when using SSL with APR

By viewing the tomcat7/webapps/docs/apr.html file
Set sslcertificatefile and sslcertificatekeyfile.
In Windows, Tomcat can be started normally, but cannot be started in Linux. the following error occurs when Tomcat is started:

java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.

Compared with the logs of the two, we found that the protocolhandler of Tomcat under Windows is ["http-apr-9443"] under Linux is ["http-bio-9443"]
Then, check what bio and APR are. Check the data and find that this is the running mode of Tomcat. There are three modes: bio, NiO, and APR. The following describes the three modes.

Bio
The default blocking Io mode has very low performance and has not been optimized or supported.

NIO
Java asynchronous Io Nursing Technology and no blocking Io technology are used. Performance has been initially optimized, but there are still some gaps with APR.

APR
It is the most difficult to install, But it solves the asynchronous Io problem at the operating system level, greatly improving the performance. You must install APR and tomcat native. Apr can be directly started.

It turns out that Tomcat is started in the default bio mode because APR and tomcat-native are not installed in Linux. Install these two items. After installation, you can start it.

IE, chrome... All of these can identify the certificate, but Firefox does not trust it, it is another Google, it was not configured, Firefox needs to attach the startssl root certificate and sub class1 certificate, because they issued the certificate to you, Firefox needs this certificate to know your certificate. OK. Solve the problem.

The detailed configuration process will be provided in the next article.

References:
Https apr/native connector parameter description
Http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
Solve Firefox incompatibility issues
Http://forum.ubuntu.org.cn/viewtopic.php? F = 54 & t = 307728
Http://dev.meettea.com/show-52-1.html
Bio, NiO. Apr three advanced operating modes
Http://phl.iteye.com/blog/910996
APR installation tutorial
Http://phl.iteye.com/blog/910984

Address: