
Configuring SSL for Tomcat 7 leads to an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error

I followed these steps to set up SSL for Tomcat 7. After downloading my certificates from my CA, I:

  1. used Java keytool to import the root, intermediate, and my site certificate into a local keystore.
  2. modified the Tomcat server.xml file to this (many sites have a similar configuration):

    <Connector
     port="8443"
     SSLEnabled="true"
     protocol="HTTP/1.1"
     maxThreads="150"
     scheme="https"
     secure="true"
     keystoreFile="conf/.keystore"
     keystorePass="password"
     clientAuth="false"
     sslProtocol="TLS"
     />
    

Everything seemed fine until I opened a browser to access the site and got an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error in Chrome, and a "no common encryption algorithm" error in Firefox.

I spent a few hours but still could not figure out what the problem is, and I would be grateful to anyone who can shed light on this issue.

UPDATE: It works now after changing keystoreFile to a .pfx file, but why doesn't it work with the Java keystore (.keystore) approach of importing the .cer files?

asked Nov 18 '13 10:11

Kevin


1 Answer

I had the same problem and I forgot to import the private key. Follow the instructions in this thread[1] to import your and the CA's certificate and your private key. That worked for me.

[1] importing an existing x509 certificate and private key in Java keystore to use in ssl

answered Oct 10 '22 03:10

Peter Clause
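
One way to check for the condition the answer describes, a keystore that holds certificates but no private key, is to look at the entry types that `keytool -list -v` reports. This is an added example, not part of the original posts; the sample keytool output and the aliases in it are constructed, and the parser assumes keytool's English output.

```shell
# Added example. Parses English `keytool -list -v` output read from stdin.
# Real use (path and password as in the question's Connector):
#   keytool -list -v -keystore conf/.keystore -storepass password | check_keystore

# Constructed sample: a keystore built only from .cer files. Aliases are made up.
sample_certs_only() {
cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry
Alias name: intermediate
Entry type: trustedCertEntry
Alias name: mysite
Entry type: trustedCertEntry
EOF
}

# Constructed sample: a keystore that holds the key pair plus its chain.
sample_with_key() {
cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3
EOF
}

# Print one "alias<TAB>entry type" line per keystore entry.
list_entries() {
  awk '/^Alias name: / { alias = substr($0, 13) }
       /^Entry type: / { printf "%s\t%s\n", alias, substr($0, 13) }'
}

# Succeed only if some entry is a PrivateKeyEntry, i.e. the server has a key
# to present; trustedCertEntry items are certificates without a private key.
has_private_key() {
  list_entries | awk -F '\t' '$2 == "PrivateKeyEntry" { n++ } END { exit (n ? 0 : 1) }'
}

check_keystore() {
  if has_private_key; then
    echo "OK: keystore contains a PrivateKeyEntry"
  else
    echo "FAIL: only certificates, no private key; TLS handshakes will fail"
    return 1
  fi
}

sample_certs_only | check_keystore || true
sample_with_key | check_keystore
```

A .pfx (PKCS#12) file normally bundles the private key with the certificate chain, which is consistent with the question's update that switching keystoreFile to the .pfx made the connector work.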