在Tomcat 8上设置SSL

Question

I'm trying to configure Tomcat 8 on Windows for SSL.

I've followed the instructions here:

https://www.mulesoft.com/tcat/tomcat-ssl

so, I've created the a keystore:

keytool -genkey -alias Procon -keyalg RSA -keystore $TOMCAT_HOME\Keystore

and a CSR:

keytool -certreq -keyalg RSA -alias Procon -file cert.csr -keystore $TOMCAT_HOME\Keystore

and I've had the root file and new cert back from the provider and installed them in the keystore:

keytool -import -alias rootca -keystore $TOMCAT_HOME\Keystore -trustcacerts -file root.txt

keytool -import -alias inter -keystore $TOMCAT_HOME\Keystore -file newssl.txt

Then in Tomcat's serverl.xml I've uncommented and updated:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
               keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0_Tomcat8(Procon)\Keystore" 
               keystorePass="..."
               keyAlias="inter"
               />

and restarted, but when I go to:

https://<host>:8443

I just get a timeout and I'm stumped. No one on stackoverflow appears to have had this particular issue. Port 8080 is still working as it should.

I'm also a bit confused about the other connectors appearing to redirect to 8443:

<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

 <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Answer 1

I think you have to create a key with the alis tomcat instead of Procon .

keytool -genkey -alias tomcat -keyalg RSA...

And don't forget to use the same password for the keystore as for the key!