Hello,

According to the Tomcat 8.5 documentation [1], when JSSE is used, if the key alias is not specified through the attribute certificateKeyAlias of the Certificate entry, then "... the first key read from the keystore will be used...". However, when the property is not specified, Tomcat tries to use a default key alias (which is "tomcat"). At least I got (on Tomcat 8.5.4):

    java.io.IOException: Alias name tomcat does not identify a key entry
        at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:213)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:101)

Is this the intended behavior? Specifying certificateKeyAlias explicitly works like a charm.

[1] https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_Certificate