我有同样的问题，而在www.tpsynergy.com更新我们的服务器的证书。导入新的服务器证书并重新启动Tomcat的之后，我们得到的错误是ERR_SSL_VERSION_OR_CIPHER_MISMATCH。大量的调查研究后，我用这个链接https://www.sslshopper.com/certificate-key-matcher.html比较CSR（证书签名请求实际证书）。他们俩不匹配。所以，我创建了一个新的CSR并获得新证书，并安装相同的。它的工作。

I had the same issue while renewing the certificate for our server at www.tpsynergy.com . After importing the new server certificate and restarting the tomcat, the error we were getting was ERR_SSL_VERSION_OR_CIPHER_MISMATCH. After lot of research, I used this link https://www.sslshopper.com/certificate-key-matcher.html to compare the csr (certificate signing request to the actual certificate). They both did not match. So I created a new csr and obtained a new certificate and installed the same. It worked.

因此​​，对于该过程的全部步骤

So the full steps for the process are

1. 从那里的证书将被安装在同一服务器上，创建CSR

密钥工具-keysize 2048 -genkey -alias tomcat的-keyalg RSA -keystore tpsynergy.keystore
（根据需要更改域名）

keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tpsynergy.keystore (change the domain name as needed)

在创建这个，它会要求名和姓。不要给你的名字，但使用的域名。比如我把它作为www.tpsynergy.com

While creating this, it will ask for first name and last name. Do not give your name, but use the domain name. For example I gave it as www.tpsynergy.com

2.keytool -certreq -keyalg RSA -alias tomcat的-file csr.csr -keystore tpsynergy.keystore

2.keytool -certreq -keyalg RSA -alias tomcat -file csr.csr -keystore tpsynergy.keystore

这将创造在同一文件夹中的文件csr.csr。这个内容复制到GoDaddy的网站，并创建新的证书。

This will create a csr.csr file in the same folder. copy the contents of this to the godaddy site and create the new certificate.

下载的证书zip文件将有三个文件
gd_bundle-G2-g1.crt
gdig2.crt
youractualcert.crt

1. The downloaded certificate zip file will have three files gd_bundle-g2-g1.crt gdig2.crt youractualcert.crt

您将需要下载从GoDaddy的存储库中的根证书gdroot-g2.crt。

You will need to download the root cert gdroot-g2.crt from godaddy repository.

所有这些文件复制到从创建CSR文件，并在同一目录中的密钥存储文件的位置。

Copy all these files to the same directory from where you created the CSR file and where the keystore file is located.

现在运行下面的命令一个接一个的证书导入到密钥库

Now run the below commands one by one to import the certs into the keystore

的keytool -import -alias -trustcacerts根-file gd_bundle-G2-g1.crt -keystore tpsynergy.keystore

keytool -import -trustcacerts -alias root -file gd_bundle-g2-g1.crt -keystore tpsynergy.keystore

的keytool -import -alias -trustcacerts -file root2 gdroot-g2.crt -keystore tpsynergy.keystore

keytool -import -trustcacerts -alias root2 -file gdroot-g2.crt -keystore tpsynergy.keystore

的keytool -import -alias -trustcacerts中间-file gdig2.crt -keystore tpsynergy.keystore

keytool -import -trustcacerts -alias intermediate -file gdig2.crt -keystore tpsynergy.keystore

的keytool -import -alias -trustcacerts tomcat的-file yourdomainfile.crt -keystore tpsynergy.keystore

keytool -import -trustcacerts -alias tomcat -file yourdomainfile.crt -keystore tpsynergy.keystore

在确保conf文件夹的server.xml文件具有此项

Ensure that server.xml file in conf folder has this entry

 

重新启动Tomcat

Restart the tomcat