thanks Mark Thomas and Goo Sam Kong I followed Goo Sam Kong 's config still have errors:
Loaded APR based Apache Tomcat Native library 1.1.20. 2010-11-24 17:38:43 org.apache.catalina.core.AprLifecycleListener init 信息: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. 2010-11-24 17:38:43 org.apache.coyote.http11.Http11AprProtocol init 严重: Error initializing endpoint java.lang.Exception: Unable to load certificate key D:\TDDownload\apache-tomcat-7.0.4\conf\key1cert.pem (error:0906D06C:PEM routines:PEM_read_bio:no start line) at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method) at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:501) at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:80) at org.apache.catalina.connector.Connector.initInternal(Connector.java:873) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:542) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:717) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100) at org.apache.catalina.startup.Catalina.load(Catalina.java:544) at org.apache.catalina.startup.Catalina.load(Catalina.java:567) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:417) 2010-11-24 17:38:43 org.apache.catalina.core.StandardService initInternal 严重: Failed to initialize connector [Connector[HTTP/1.1-443]] LifecycleException: Protocol handler initialization failed: java.lang.Exception: Unable to load certificate key D:\TDDownload\apache-tomcat-7.0.4\conf\key1cert.pem (error:0906D06C:PEM routines:PEM_read_bio:no start line) at org.apache.catalina.connector.Connector.initInternal(Connector.java:875) update config as follow, <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" SSLEnabled="true" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLCertificateFile="D:\TDDownload\apache-tomcat-7.0.4\conf\key1.pem" SSLCertificateKeyFile="D:\TDDownload\apache-tomcat-7.0.4\conf\key1cert.pem" SSLPassword="test" /> <Connector port="8009" enableLookups="false" redirectPort="443" protocol="AJP/1.3" /> I find my SSLCertificateFile is *.pem, and Goo Sam Kong's crt, key, how do you create these files, not use OpenSSL? 在 2010年11月24日 下午5:10,Goo Sam Kong <skgo...@gmail.com>写道: > Hi Scott, > > My working HTTPS connector using APR settings as below: > > <Connector port="8443" > protocol="org.apache.coyote.http11.Http11AprProtocol" > SSLEnabled="true" > maxThreads="150" > scheme="https" > secure="true" > SSLCertificateFile="C:\usr\tomcat\tomcat.crt" > SSLCertificateKeyFile="C:\usr\tomcat\tomcat.key" > SSLPassword="123456" > /> > > Try to remove SSLEngine attribute and add protocol attribute, then re-start > Tomcat. > > -- > Thanks & Regards, > > Scott Li >