On Tue, 26 Jun 2018 at 17:03, Cybulski, Adam M (<acybul...@albany.edu>) wrote:
>
> Hello, I'm using Tomcat 8.5.4, on a server 2008R2 machine, and I'm unable to
> start the SSL connector.
>
> My connector syntax is as follows:
>
> <Connector port="8080" protocol="HTTP/1.1"
>            connectionTimeout="20000"
>            redirectPort="8443" />
>
> <Connector port="8443"
>            protocol="HTTP/1.1"
>            maxThreads="150"
>            scheme="https"
>            secure="true"
>            SSLEnabled="true"
>            keystoreFile="c:\tomcat8\meg.keystore"
>            keystorePass="keystorepass"
>            keyAlias="meg" />
>
> To which I receive this error in Catalina.log:
>
> SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize
> end point associated with ProtocolHandler ["https-openssl-nio-8443"]
> java.lang.IllegalArgumentException: java.io.IOException: Alias name meg does
> not identify a key entry
>
> However, meg is in my keystore:
>
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 3 entries
>
> root, Jun 25, 2018, trustedCertEntry,
> Certificate fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
> meg, Jun 25, 2018, trustedCertEntry,
> Certificate fingerprint (SHA1): 72:66:E4:05:94:C4:5B:4A:8A:26:20:F1:C5:7D:73:3B:6F:24:D1:59
> tomcat, Jun 25, 2018, PrivateKeyEntry,
> Certificate fingerprint (SHA1): AC:D9:3B:37:E4:37:A3:E7:D2:27:D1:CF:88:D3:79:70:84:C8:16:82
>
> I used these steps to manage the certs:
>
> keytool -genkey -alias tomcat -keyalg RSA -keystore c:\Tomcat8\meg.keystore
>
> keytool -certreq -keyalg RSA -alias tomcat -file c:\tomcat8\tomcatreq.csr -keystore c:\Tomcat8\meg.keystore
>
> Sent CSR to InCommon CA, downloaded x509 certificate, and x509
> intermediates/root certificates.
>
> keytool -import -alias root -keystore c:\Tomcat8\meg.keystore -trustcacerts -file "C:\Tomcat8\meg_library_albany_edu_interm.cer"
>
> keytool -import -alias meg -keystore c:\Tomcat8\meg.keystore -file "C:\Tomcat8\meg_library_albany_edu_cert.cer"
>
> Any help you can give me in resolving this error is greatly appreciated.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Hi

I guess that meg entry should be a PrivateKeyEntry (public certificate + private key), not a trustedCertEntry.

I think that meg_library_albany_edu_cert.cer only contains a public certificate.

Honestly, I use openssl to create .p12 key stores.

Something like

    openssl pkcs12 -export -in MYCERT.crt -inkey MYKEY.key -out KEYSTORE.p12 -name "meg" -CAfile MY-CA-CERT.crt -caname myCA -chain

Regards
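
A pre-flight check for the mismatch discussed in this thread, as an added example that is not part of either message or of Tomcat: it parses `keytool -list` output and reports any SSL-enabled Connector whose keyAlias does not name a PrivateKeyEntry. The sample inputs are constructed from the configuration and listing quoted above (fingerprints left out), the function names are hypothetical, and English-locale keytool output is assumed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples based on the thread's server.xml and `keytool -list` output.
SERVER_XML = r'''<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" protocol="HTTP/1.1" scheme="https" secure="true"
             SSLEnabled="true" keystoreFile="c:\tomcat8\meg.keystore"
             keystorePass="keystorepass" keyAlias="meg" />
</Service></Server>'''

KEYTOOL_LIST = """Keystore type: JKS
root, Jun 25, 2018, trustedCertEntry,
meg, Jun 25, 2018, trustedCertEntry,
tomcat, Jun 25, 2018, PrivateKeyEntry,
"""

# "<alias>, <Mon d, yyyy>, <type>," as printed by keytool in an English locale.
ENTRY_RE = re.compile(r"^(.+?), \w{3} \d{1,2}, \d{4}, (\w+Entry),?$")

def parse_entries(listing):
    """Map alias -> entry type; JKS aliases are case-insensitive, so lower-case."""
    entries = {}
    for line in listing.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group(1).lower()] = m.group(2)
    return entries

def check_connectors(server_xml, listing):
    """Return (port, keyAlias, problem or None) for every SSL-enabled Connector."""
    entries, results = parse_entries(listing), []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no keystore involved
        alias, problem = conn.get("keyAlias"), None
        if alias is None:
            if "PrivateKeyEntry" not in entries.values():
                problem = "no keyAlias set and keystore holds no PrivateKeyEntry"
        elif alias.lower() not in entries:
            problem = f"alias {alias!r} is not in the keystore"
        elif entries[alias.lower()] != "PrivateKeyEntry":
            problem = f"alias {alias!r} is a {entries[alias.lower()]}, not a PrivateKeyEntry"
        results.append((conn.get("port"), alias, problem))
    return results

if __name__ == "__main__":
    for port, alias, problem in check_connectors(SERVER_XML, KEYTOOL_LIST):
        print(f"port {port} keyAlias={alias}: {problem or 'OK'}")
```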