Hello,
According to Tomcat 8.5 documentation [1] when JSSE is used if the key
alias is not specified through the attribute certificateKeyAlias of
Certificate entry, then "... the first key read from the keystore will be
used...".
However, when the property is not specified Tomcat tries to use a default
key alias (which is "tomcat"). At least I got (on Tomcat 8.5.4)
java.io.IOException: Alias name tomcat does not identify a key entry
at
org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:213)
at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:101)
Is this the intended behavior?
Specifying explicitly certificateKeyAlias works like a charm.
[1]
https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_Certificate
