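Configuration guides are easy to find online, so they are not repeated here. Just put your self-generated or purchased certificate (for example, certificate name app.xxxx.com.jks, certificate password: password) in the tomcat/conf directory, then modify server.xml as follows.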
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="conf/app.xxxx.com.jks" keystorePass="password"
clientAuth="false" sslProtocol="TLS" />
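With the local Windows configuration, access worked fine. After uploading to the server a strange problem appeared, and accessing Tomcat reported this error: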
java.lang.RuntimeException: java.security.InvalidAlgorithmParameterException
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1345)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:799)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:767)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:350)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:208)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1478)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1458)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.ProviderException: java.security.InvalidAlgorithmParameterException
at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:146)
at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:704)
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:65)
at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:1366)
at sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1153)
at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:956)
at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:682)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:853)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:851)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1285)
at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:300)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:358)
... 7 more
Caused by: java.security.InvalidAlgorithmParameterException
at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(Native Method)
at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:126)
... 21 more
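Cause: the author was using OpenJDK, which seems to consist largely of dynamic libraries and has quite a few problems.
Solution: replace the JDK on CentOS! Swap OpenJDK for the regular JDK.
After uploading the package to the server, you can install it with yum from the directory containing the rpm: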
[root@xxxxx ~]# yum install jdk-8u91-linux-x64.rpm
The version output after replacing the JDK is as follows:
[root@xxxxx ~]# java -version
java version "1.8.0_91"
Java(TM) SE Runtime Environment (build 1.8.0_91-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.91-b14, mixed mode)
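The stack trace above fails in sun.security.ec.ECKeyPairGenerator while the server sets up ephemeral ECDH keys, so the same JCA call can be exercised outside Tomcat to check a runtime before and after the JDK swap. This is an added example, not code from the original post; the class name EcKeyGenCheck and the curve list are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.ProviderException;
import java.security.spec.ECGenParameterSpec;

public class EcKeyGenCheck {
    // Assumed list of commonly used named curves; not taken from the original page.
    private static final String[] CURVES = {"secp256r1", "secp384r1", "secp521r1"};

    /** Returns null if an EC key pair could be generated, else a failure description. */
    static String tryCurve(String curve) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
            kpg.initialize(new ECGenParameterSpec(curve));
            KeyPair kp = kpg.generateKeyPair();
            return kp.getPublic() != null ? null : "no public key returned";
        } catch (GeneralSecurityException e) {
            // No EC provider registered, or the curve was rejected at initialize().
            return e.toString();
        } catch (ProviderException e) {
            // The wrapper seen in the trace: the provider failed during generation.
            Throwable cause = e.getCause();
            return e + (cause != null ? " caused by " + cause : "");
        }
    }

    public static void main(String[] args) {
        // Print which runtime is actually on the PATH of the account running Tomcat.
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.vendor  = " + System.getProperty("java.vendor"));
        System.out.println("java.home    = " + System.getProperty("java.home"));
        int failures = 0;
        for (String curve : CURVES) {
            String err = tryCurve(curve);
            if (err == null) {
                System.out.println("OK    " + curve);
            } else {
                failures++;
                System.out.println("FAIL  " + curve + ": " + err);
            }
        }
        // Non-zero exit status lets a deployment script stop before starting Tomcat.
        System.exit(failures == 0 ? 0 : 1);
    }
}
```

Compile and run it with the same java binary that Tomcat uses; a FAIL line carrying InvalidAlgorithmParameterException indicates the runtime still hits the condition shown in the trace.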