The installation and configuration of Tomcat SSL has encountered problems

Configure the Tomcat server to use SSL for encryption.

First, Generate KeyStore

The specific build mode is not spoken, and Tomcat supports the KeyStore format with JKS,PKCS11 and PKCS12

JKS is the certificate store format generated by the Keytool tool in the Jdk/bin directory.

PKCS12 is the format generated by the OpenSSL tool.

Second, the Tomcat container in the Connect connector

There are two types of Tomcat implementations for SSL, Jsse and Apr

(1) The JDK is implemented with the OpenSSL engine from version 1.4, so if you want to use APR, you must configure the OpenSSL engine for JSSE,APR.

(2) Jsse is divided into bio implementation and NIO implementation, The protocol value implemented by bio is ORG.APACHE.COYOTE.HTTP11.HTTP11NIOPROTOCOL for protocol values implemented by Org.apache.coyote.http11.http11protocol,nio.

According to my experiment, the TOMCAT6 must use the Bio implementation method. There is an error using the NIO implementation method.

If you want to use Apr mode, you must install the Tomcat local library.

(3) Most of the default connectors in Tomcat are the Bio connector

The tested TOMCAT6 is a bio connector and does not support NIO, so the protocol value of the Connect connector should be written as Org.apache.coyote.http11.Http11Protocol

Iii. errors that occur during the installation of SSL

(1) JDK1.8 the JKs file generated by the previous version of the Keytool tool to report a weak temporary Diffe-hellman key

Test using Firefox version 48 times the above exception, directly disconnected.

The above exception is reported in Chrome version 48

The installation and configuration of Tomcat SSL has encountered problems