Even though I removed the alias it is giving the same error. On Mon, Nov 14, 2022 at 12:50 PM Thomas Hoffmann (Speed4Trade GmbH) <thomas.hoffm...@speed4trade.com.invalid> wrote:
> Hello, > What happens if you remove the keyalias Attribute? > ________________________________ > Von: thulasiram k <ktr...@gmail.com> > Gesendet: Montag, 14. November 2022 04:10:18 > An: Tomcat Users List > Betreff: Re: Alias name [server] does not identify a key entry + tomcat SSL > > Hi Thomas, > > Thanks for helping me here. I have deleted the old certs so only new certs > are in the key store. I tried with a pfx file but still the same issue and > I have mentioned the server.xml with the alias and type also. here the > config which I have in my file. > > <Connector port="443" > connectionTimeout="20000" > maxHttpHeaderSize="8192" > maxThreads="150" > minSpareThreads="25" > enableLookups="false" > disableUploadTimeout="true" > acceptCount="100" > scheme="https" > secure="true" > clientAuth="false" > keystoreFile="<file location>\application.p12" > keystorePass="*****" > keystoreType="PKCS12" > keyAlias="server" > protocol="HTTP/1.1" > SSLEnabled="true" > sslProtocol="${jazz.connector.sslProtocol}" > algorithm="${jazz.connector.algorithm}" > URIEncoding="UTF-8" > ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, > TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" /> > > And the tomcat version is 8.5.34. and here is the error which we are > receiving in the log. > > 13-Nov-2022 16:24:59.451 SEVERE [main] > org.apache.catalina.core.StandardService.initInternal Failed to initialize > connector [Connector[HTTP/1.1-443]] > org.apache.catalina.LifecycleException: Failed to initialize component > [Connector[HTTP/1.1-443]] > at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112) > at > > org.apache.catalina.core.StandardService.initInternal(StandardService.java:552) > at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) > at > > org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875) > at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) > at org.apache.catalina.startup.Catalina.load(Catalina.java:632) > at org.apache.catalina.startup.Catalina.load(Catalina.java:655) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) > at java.lang.reflect.Method.invoke(Unknown Source) > at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309) > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492) > Caused by: org.apache.catalina.LifecycleException: Protocol handler > initialization failed > at org.apache.catalina.connector.Connector.initInternal(Connector.java:995) > at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) > ... 12 more > Caused by: java.lang.IllegalArgumentException: Alias name [server] does not > identify a key entry > at > org.apache.tomcat.util.net > .AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:115) > at > org.apache.tomcat.util.net > .AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:86) > at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244) > at > org.apache.tomcat.util.net > .AbstractEndpoint.init(AbstractEndpoint.java:1087) > at > org.apache.tomcat.util.net > .AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:265) > at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581) > at > > org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68) > at org.apache.catalina.connector.Connector.initInternal(Connector.java:993) > ... 13 more > Caused by: java.io.IOException: Alias name [server] does not identify a key > entry > at > org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:229) > at > org.apache.tomcat.util.net > .openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:79) > at > org.apache.tomcat.util.net > .AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:113) > ... 20 more > > > let me know anything else required or suggestions. > > Thanks > Ram > > On Mon, Nov 14, 2022 at 3:05 AM Thomas Hoffmann (Speed4Trade GmbH) > <thomas.hoffm...@speed4trade.com.invalid> wrote: > > > Hello, > > > > maybe you have several keys in your keystore file. > > You can e.g. use https://code.google.com/archive/p/keytool-iui/ to take > > an easy look into your keystore file. > > You can delete the old one or use the connector attribute > > certificateKeyAlias to tell tomcat which key to use. > > The keys can be imported with an alias which must match the attribute. > > > > I personally prefer pfx format instead of java keystore. There is no need > > for an import and easier to handle. > > In order to use pfx you need to set the attribute keystoreType=pkcs12 > > Pfx holds the private key and the public certificate. > > > > If this doesn’t help, please tell the tomcat version as the configuration > > depends on the version. > > Also the connector snippet is helpful (hide the password). > > > > Greetings, Thomas > > > > > -----Ursprüngliche Nachricht----- > > > Von: thulasiram k <ktr...@gmail.com> > > > Gesendet: Sonntag, 13. November 2022 16:53 > > > An: Tomcat Users List <users@tomcat.apache.org> > > > Betreff: Alias name [server] does not identify a key entry + tomcat SSL > > > > > > Hi Team, > > > > > > I am trying to renew my existing certificate. when I import the new > cert > > it has > > > imported successfully and I can view that in the listing as well. > > > > > > But when I restart my tomcat I am getting the below error and > > application is > > > not accessible with https. > > > > > > Error: > > > Caused by: java.lang.IllegalArgumentException: Alias name [server] does > > not > > > identify a key entry at > > > org.apache.tomcat.util.net > > .AbstractJsseEndpoint.createSSLContext(AbstractJsse > > > Endpoint.java:115) > > > at > > > org.apache.tomcat.util.net > > .AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoi > > > nt.java:86) > > > at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244) > > > at > > > org.apache.tomcat.util.net > > .AbstractEndpoint.init(AbstractEndpoint.java:1087) > > > at > > > org.apache.tomcat.util.net > > .AbstractJsseEndpoint.init(AbstractJsseEndpoint.java: > > > 265) > > > at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581) > > > at > > > > > > org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.j > > > ava:68) > > > at > > org.apache.catalina.connector.Connector.initInternal(Connector.java:993) > > > ... 13 more > > > Caused by: java.io.IOException: Alias name [server] does not identify a > > key > > > entry at > > > org.apache.tomcat.util.net > > .jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:229) > > > at > > > org.apache.tomcat.util.net > > .openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.j > > > ava:79) > > > at > > > org.apache.tomcat.util.net > > .AbstractJsseEndpoint.createSSLContext(AbstractJsse > > > Endpoint.java:113) > > > ... 20 more > > > > > > I tried exporting with a private key and configuring the > > keystoreType="PKCS12" > > > but still no luck. Please help me with this issue if any one has faced > a > > similar > > > situation. > > > > > > Thanks > > > Ram > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > >