As you are using java 8, thus defaultwill TLS 1.2.

由于您使用的是 java 8，因此默认将TLS 1.2.

By looking at your screenshot, client TLS is not enabled in your IE 11. By default IE 11has SSL 3.0, TLS 1.0, 1.1, 1.2enabled.

通过查看您的屏幕截图，您的 IE 11 中未启用客户端 TLS。默认情况下，IE 11已SSL 3.0, TLS 1.0, 1.1, 1.2启用。

If you see the protocolsmatrix, you will come to why the connection is not successful.

如果你看到协议矩阵，你就会明白为什么连接不成功。

Thus, please update your IE 11 SSL TLS settings or try to use another browser to verify.

因此，请更新您的 IE 11 SSL TLS 设置或尝试使用其他浏览器进行验证。

I had the same issue long time ago.

很久以前我有同样的问题。

Mi solution was (the steps that I follow here depends on the CA instructions, the CA site ussually have the complete instruccions of how generate the certificate correctly):

Mi 解决方案是（我在此处遵循的步骤取决于 CA 说明，CA 站点通常具有如何正确生成证书的完整说明）：

1. Create the certificate again but with the following commands (keysize 2048) (make sure that name and lastname are the same as your site name example: yourhost.com:

1. 再次创建证书，但使用以下命令（密钥大小 2048）（确保名称和姓氏与您的站点名称示例相同：yourhost.com：

keytool -genkey -alias yourhost.com -keyalg RSA -keysize 2048 -keystore servername.jks

keytool -genkey -alias yourhost.com -keyalg RSA -keysize 2048 -keystore servername.jks

1. Genearate de csr

2. 生成企业社会责任

keytool -certreq -alias yourhost.com -file mycsr.txt -keystore servername.jks

keytool -certreq -alias yourhost.com -file mycsr.txt -keystore servername.jks

1. Install the certificate

3. 安装证书

keytool -import -trustcacerts -alias yourhost.com -file file-from-your-ca.p7b -keystore servername.jks

keytool -import -trustcacerts -alias yourhost.com -file file-from-your-ca.p7b -keystore servername.jks

On the server.xml connector put the following configuration (note: the sslProtocol possible values depends on the jvm that your are using, please see the possible values for java 8 java 8 ssl values)

在 server.xml 连接器上放置以下配置（注意：sslProtocol 可能的值取决于您使用的 jvm，请参阅 java 8 java 8 ssl values的可能值）

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false"  keystoreFile="/home/myserver/ssl/servername.jks" keystorePass="yourpass" keystoreAlias="yourhost.com" sslProtocol="TLSv1.2"  />

Restart tomcat

重启tomcat

There are more examples of how configure secure connector on this site: Secure Tomcat

在此站点上还有更多有关如何配置安全连接器的示例：Secure Tomcat

Tomcat can use two different implementations of SSL:

Tomcat 可以使用两种不同的 SSL 实现：

the JSSE implementation provided as part of the Java runtime (since 1.4) the APR implementation, which uses the OpenSSL engine by default. The exact configuration details depend on which implementation is being used. If you configured Connector by specifying generic protocol="HTTP/1.1" then the implementation used by Tomcat is chosen automatically. If the installation uses APR - i.e. you have installed the Tomcat native library - then it will use the APR SSL implementation, otherwise it will use the Java JSSE implementation.

JSSE 实现作为 Java 运行时（自 1.4 起）的一部分提供，APR 实现默认使用 OpenSSL 引擎。确切的配置细节取决于所使用的实现。如果您通过指定 generic protocol="HTTP/1.1" 来配置连接器，那么 Tomcat 使用的实现将被自动选择。如果安装使用 APR - 即您已经安装了 Tomcat 本地库 - 那么它将使用 APR SSL 实现，否则它将使用 Java JSSE 实现。

Please refer to https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.htmlfor all details for configuration. I simply follow the steps and it works for me.

有关配置的所有详细信息，请参阅https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html。我只是按照步骤操作，它对我有用。

Most importantly,Are you sure you have got issue in your tomcat. Your error may comes from your browser.

最重要的是，你确定你的 tomcat 有问题吗？您的错误可能来自您的浏览器。

• Have you tried other browsers other than IE?
• Which version of IE are you using?
• Windows 7 or Windows 8?

• 您是否尝试过 IE 以外的其他浏览器？
• 你用的是哪个版本的IE？
• Windows 7 还是 Windows 8？

If you face the issue only in IE, check also SSL 2.0 and SSL 3.0 under the Advanced Setting along with the recommended fix of turning on TLS 1.0, TLS 1.1, and TLS 1.2.

如果您仅在 IE 中遇到此问题，请同时检查高级设置下的 SSL 2.0 和 SSL 3.0，以及打开 TLS 1.0、TLS 1.1 和 TLS 1.2 的推荐修复。

I am currently facing a similar problem, and I got the strong suspicion that our problem has something to do with the Tomcat configuration within server.xml. Me too, I see the service listening on the port, and not much helpful messages in any log files.

我目前面临类似的问题，我强烈怀疑我们的问题与server.xml 中的 Tomcat 配置有关。我也是，我看到服务正在监听端口，但在任何日志文件中都没有太多有用的消息。

I was told by a colleague who got (a secure Tomcat with SSL) running to enter

一位同事告诉我（一个带有 SSL 的安全 Tomcat）运行进入

   <Connector port="443" scheme="https" server="Secure Web Server"
              minSpareThreads="25" allowTrace="false" keystoreType="JKS"
              keystoreFile="C:\tomcat\conf\aSecureTomcat.jks" keystorePass="yourPassword"  
              connectionTimeout="20000"
              protocol="org.apache.coyote.http11.Http11NioProtocol" 
              secure="true" clientAuth="false" sslProtocol="TLS" 
              sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" 
              useServerCipherSuitesOrder="true" 
              ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"/> 

I have not figured out the minimal configuration yet, but the important part for you might be the last 5 lines of my code snippet. How does your Tomcat config look like?

我还没有弄清楚最低配置，但对您来说重要的部分可能是我的代码片段的最后 5 行。您的 Tomcat 配置如何？

Just change your original server.xml: sslProtocol=TLSv1.2 Include the version no. Had the same error before.

只需更改您的原始 server.xml： sslProtocol=TLSv1.2 包括版本号。之前有同样的错误。

Try forcing JSSE use by adding in your Connector:

尝试通过在连接器中添加来强制使用 JSSE：

sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"

For any reason it's detecting APR and trying to use OpenSSL which is not working. See this answer.

出于任何原因，它正在检测 APR 并尝试使用不起作用的 OpenSSL。看到这个答案。