I have a cheap SSL certificate which I want to configure with Tomcat 8.0.26.
I ran these commands on Linux to create the keystore:
[root@ cert]# keytool -import -alias root -keystore tomcat.jks -trustcacerts -file AddTrustExternalCARoot.crt
Enter keystore password:
Re-enter new password:
Certificate already exists in system-wide CA keystore under alias <addtrustexternalroot>
Do you still want to add it to your own keystore? [no]: yes
Certificate was added to keystore
[root@ cert]# keytool -import -alias intermediate1 -keystore tomcat.jks -trustcacerts -file COMODORSAAddTrustCA.crt
Enter keystore password:
Certificate was added to keystore
[root@ cert]# keytool -import -alias intermediate2 -keystore tomcat.jks -trustcacerts -file COMODORSADomainValidationSecureServerCA.crt
Enter keystore password:
Certificate was added to keystore
[root@ cert]# keytool -import -alias tomcat -keystore tomcat.jks -trustcacerts -file www_some_domain_com.crt
Enter keystore password:
Certificate was added to keystore
[root@ip-172-31-28-148 cert]#
I updated server.xml:
<Connector port="8443" protocol="HTTP/1.1"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="/opt/apache-tomcat-8.0.26/cert/tomcat.jks"
           keystorePass="pass"
           sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
           clientAuth="false" sslProtocol="TLS" />
I updated web.xml to redirect SSL connections:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Entire Application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
But when I open the web page I get:
An error occurred during a connection to some_domain.com:8443. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)
Do you have any idea where my mistake is? I also tried without sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1", but there is no result.
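A check worth running on a keystore built the way the post describes (an added example, not part of the original post): a TLS connector can only present a server certificate from a `PrivateKeyEntry`, while `keytool -import` of a certificate under an alias that has no existing key pair creates a `trustedCertEntry`. The script classifies an alias from `keytool -list` output; the sample listing, its dates and fingerprint placeholders, and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample: the shape of `keytool -list` output for a JKS file
# populated only with `keytool -import` (dates/fingerprints are placeholders).
SAMPLE_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 4 entries

root, Sep 10, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
intermediate1, Sep 10, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
intermediate2, Sep 10, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
tomcat, Sep 10, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>'

# entry_type LISTING ALIAS -> prints the entry type of ALIAS, or nothing.
# The date field may itself contain a comma, so take the last non-empty field.
entry_type() {
  printf '%s\n' "$1" | awk -F', *' -v a="$2" '
    tolower($1) == tolower(a) && /Entry,? *$/ {
      n = NF
      while (n > 1 && $n == "") n--
      print $n
      exit
    }'
}

# has_server_key LISTING ALIAS -> exit status 0 only for a PrivateKeyEntry.
has_server_key() {
  [ "$(entry_type "$1" "$2")" = "PrivateKeyEntry" ]
}

# report LISTING ALIAS -> one-line verdict for the alias.
report() {
  case "$(entry_type "$1" "$2")" in
    PrivateKeyEntry) echo "OK: '$2' holds a private key with its certificate chain" ;;
    "")              echo "MISSING: no alias '$2' in this keystore" ;;
    *)               echo "PROBLEM: '$2' is certificate-only, no private key to serve TLS with" ;;
  esac
}

# Live use (assumes keytool is on PATH; keystore path taken from the post):
#   report "$(keytool -list -keystore /opt/apache-tomcat-8.0.26/cert/tomcat.jks)" tomcat
report "$SAMPLE_LISTING" tomcat
```
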