I followed the following steps to setup SSL for Tomcat 7, after downloaded my certificates from my CA, I:

我按照以下步骤为 Tomcat 7 设置 SSL，从我的 CA 下载我的证书后，我：

1. used Java keytool to import root, intermediate, and my site certificate into local keystore.

2. modified tomcat server.xml file to this (many sites are having the similar conf):

   <Connector
    port="8443"
    SSLEnabled="true"
    protocol="HTTP/1.1"
    maxThreads="150"
    scheme="https"
    secure="true"
    keystoreFile="conf/.keystore"
    keystorePass="password"
    clientAuth="false"
    sslProtocol="TLS"
    />
   

1. 使用 Java keytool 将根证书、中间证书和我的站点证书导入本地密钥库。

2. 将 tomcat server.xml 文件修改为此（许多站点都有类似的配置）：

   <Connector
    port="8443"
    SSLEnabled="true"
    protocol="HTTP/1.1"
    maxThreads="150"
    scheme="https"
    secure="true"
    keystoreFile="conf/.keystore"
    keystorePass="password"
    clientAuth="false"
    sslProtocol="TLS"
    />
   

Everything seemed fine until I opened browser to access the site and got an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error in Chrome, and "no common encryption algorithm" error under Firefox.

一切似乎都很好，直到我打开浏览器访问该站点并在 Chrome 中收到 ERR_SSL_VERSION_OR_CIPHER_MISMATCH 错误，在 Firefox 下出现“无通用加密算法”错误。

I spent a few hours but yet could not figure out what the problem is, and would be grateful to those who can shed light on this issue.

我花了几个小时，但仍然无法弄清楚问题是什么，并感谢那些能够阐明这个问题的人。

UPDATEIt works now after keystoreFile changes to .pfx file, but why does not it work by following java keystore (.keystore) with importing .cer files approach?

更新它现在在 keystoreFile 更改为 .pfx 文件后工作，但为什么它不能通过遵循 java keystore (.keystore) 和导入 .cer 文件的方法工作？