我正在按照本教程在 tomcat 中启用 ssl:https://medium.com/@raupach/how-to-install-lets-encrypt-with-tomcat-3db8a469e3d2 https://medium.com/@raupach/how-to-install-lets-encrypt-with-tomcat-3db8a469e3d2
虽然 tomcat 最后运行,但我无法访问 https,说无法连接。所以我检查了日志,得到:
Caused by: java.io.IOException: SSLHostConfig attribute certificateFile must be defined when using an SSL connector
,但我的certificateFile 的定义如您所见:
<Connector port="443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="100"
compression="on"
scheme="https"
SSLEnabled="true"
secure="true"
SSLVerifyClient="none"
SSLProtocol="TLSv1.2"
defaultSSLHostConfigName="test.test">
<SSLHostConfig hostName="test.test">
<Certificate certificateFile="conf/cert.pem" certificateKeyFile="conf/privkey.pem" certificateChainFile="conf/chain.pem" />
</SSLHostConfig>
</Connector>
这些文件存在于conf/中
tomcat 9 文档:https://tomcat.apache.org/tomcat-9.0-doc/config/http.html https://tomcat.apache.org/tomcat-9.0-doc/config/http.htmlSSLHostConfig 和证书部分
您混合使用新属性(自 Tomcat 8.5 起)和已弃用的属性(参见Tomcat 文档 http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_Connector_-_APR/Native_(deprecated))。设置的效果,例如SSLProtocol是创造第二个<SSLHostConfig>带主机名_default_。这就是错误消息所指的元素。
您应该替换过时的标签(SSLVerifyClient and SSLProtocol) 与其当前对应项(或者如果您想要默认值则省略它们):
<Connector port="443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="100"
compression="on"
scheme="https"
SSLEnabled="true"
secure="true"
defaultSSLHostConfigName="test.test">
<SSLHostConfig hostName="test.test"
protocols="TLSv1.2">
<Certificate certificateFile="conf/cert.pem"
certificateKeyFile="conf/privkey.pem"
certificateChainFile="conf/chain.pem" />
</SSLHostConfig>
</Connector>
Remark:您使用的属性特定于 APR 连接器。如果该选择是故意的,您应该将协议更改为org.apache.coyote.http11.Http11AprProtocol.
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
