Hi Thomas,

Thanks for helping me here. I have deleted the old certs so only new certs
are in the key store. I tried with a pfx file but still the same issue and
I have mentioned the server.xml with the alias and type also. Here is the
config which I have in my file.

<Connector port="443"
           connectionTimeout="20000"
           maxHttpHeaderSize="8192"
           maxThreads="150"
           minSpareThreads="25"
           enableLookups="false"
           disableUploadTimeout="true"
           acceptCount="100"
           scheme="https"
           secure="true"
           clientAuth="false"
           keystoreFile="<file location>\application.p12"
           keystorePass="*****"
           keystoreType="PKCS12"
           keyAlias="server"
           protocol="HTTP/1.1"
           SSLEnabled="true"
           sslProtocol="${jazz.connector.sslProtocol}"
           algorithm="${jazz.connector.algorithm}"
           URIEncoding="UTF-8"
           ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
                    TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                    TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
                    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" />

And the Tomcat version is 8.5.34, and here is the error which we are
receiving in the log.

13-Nov-2022 16:24:59.451 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-443]]
 org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-443]]
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    ... 12 more
Caused by: java.lang.IllegalArgumentException: Alias name [server] does not identify a key entry
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:115)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:86)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1087)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:265)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
    ... 13 more
Caused by: java.io.IOException: Alias name [server] does not identify a key entry
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:229)
    at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:79)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:113)
    ... 20 more


Let me know if anything else is required, or any suggestions.

Thanks
Ram
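
Added example (not part of the original thread and not Tomcat code): the error above says the alias named in keyAlias is not a key entry in the keystore, which can be checked against the output of `keytool -list`. The listing, the `appkey` alias and the function names below are constructed for illustration, and aliases are compared case-insensitively as an assumption.

```python
import re

# Constructed sample of non-verbose `keytool -list` output for a PKCS12 store;
# aliases, dates and fingerprints are made up for illustration.
SAMPLE_LISTING = """\
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

server, Nov 13, 2022, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22:33 (constructed)
appkey, Nov 13, 2022, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 44:55:66:77 (constructed)
"""

# Attribute names as in the Connector posted in this thread.
SAMPLE_CONNECTOR = 'keystoreType="PKCS12" keyAlias="server" SSLEnabled="true"'

# "<alias>, <date>, <entry type>," ; the date itself may contain commas.
ENTRY = re.compile(
    r"^(?P<alias>.+?), .*?(?P<kind>PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),\s*$")

def parse_listing(text):
    """Map alias -> entry type from non-verbose `keytool -list` output."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries[m.group("alias").lower()] = m.group("kind")
    return entries

def connector_alias(connector_text):
    """Return the keyAlias attribute value, or None if it is not set."""
    m = re.search(r'\bkeyAlias\s*=\s*"([^"]*)"', connector_text)
    return m.group(1) if m else None

def diagnose(connector_text, listing_text):
    """Return (verdict, aliases that do hold a private key)."""
    alias = connector_alias(connector_text)
    entries = parse_listing(listing_text)
    keys = sorted(a for a, k in entries.items() if k == "PrivateKeyEntry")
    if alias is None:
        return "no-alias-configured", keys
    kind = entries.get(alias.lower())
    if kind == "PrivateKeyEntry":
        return "ok", keys
    if kind is None:
        return "alias-missing", keys
    return "alias-is-not-a-key", keys  # certificate stored without its private key
```

A verdict of `alias-is-not-a-key` or `alias-missing` together with a non-empty key list means the keystore does hold a private key, only under a different alias than the one the Connector names.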

On Mon, Nov 14, 2022 at 3:05 AM Thomas Hoffmann (Speed4Trade GmbH)
<thomas.hoffm...@speed4trade.com.invalid> wrote:

> Hello,
>
> maybe you have several keys in your keystore file.
> You can e.g. use https://code.google.com/archive/p/keytool-iui/ to take
> an easy look into your keystore file.
> You can delete the old one or use the connector attribute
> certificateKeyAlias to tell tomcat which key to use.
> The keys can be imported with an alias which must match the attribute.
>
> I personally prefer pfx format instead of java keystore. There is no need
> for an import and easier to handle.
> In order to use pfx you need to set the attribute keystoreType=pkcs12
> Pfx holds the private key and the public certificate.
>
> If this doesn’t help, please tell the tomcat version as the configuration
> depends on the version.
> Also the connector snippet is helpful (hide the password).
>
> Greetings, Thomas
>
> > -----Original Message-----
> > From: thulasiram k <ktr...@gmail.com>
> > Sent: Sunday, 13 November 2022 16:53
> > To: Tomcat Users List <users@tomcat.apache.org>
> > Subject: Alias name [server] does not identify a key entry + tomcat SSL
> >
> > Hi Team,
> >
> > I am trying to renew my existing certificate. When I import the new cert it has
> > imported successfully and I can view that in the listing as well.
> >
> > But when I restart my tomcat I am getting the below error and application is
> > not accessible with https.
> >
> > Error:
> > Caused by: java.lang.IllegalArgumentException: Alias name [server] does not identify a key entry
> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:115)
> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:86)
> >     at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244)
> >     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1087)
> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:265)
> >     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
> >     at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
> >     at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
> >     ... 13 more
> > Caused by: java.io.IOException: Alias name [server] does not identify a key entry
> >     at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:229)
> >     at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:79)
> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:113)
> >     ... 20 more
> >
> > I tried exporting with a private key and configuring the keystoreType="PKCS12"
> > but still no luck. Please help me with this issue if anyone has faced a similar
> > situation.
> >
> > Thanks
> > Ram
>