Hello,

What happens if you remove the keyAlias attribute?

________________________________
From: thulasiram k <ktr...@gmail.com>
Sent: Monday, 14 November 2022 04:10:18
To: Tomcat Users List
Subject: Re: Alias name [server] does not identify a key entry + tomcat SSL

Hi Thomas,

Thanks for helping me here.

I have deleted the old certs so only new certs are in the key store. I tried with a pfx file but still the same issue, and I have mentioned the alias and type in the server.xml as well.

Here is the config which I have in my file.

    <Connector port="443"
               connectionTimeout="20000"
               maxHttpHeaderSize="8192"
               maxThreads="150"
               minSpareThreads="25"
               enableLookups="false"
               disableUploadTimeout="true"
               acceptCount="100"
               scheme="https"
               secure="true"
               clientAuth="false"
               keystoreFile="<file location>\application.p12"
               keystorePass="*****"
               keystoreType="PKCS12"
               keyAlias="server"
               protocol="HTTP/1.1"
               SSLEnabled="true"
               sslProtocol="${jazz.connector.sslProtocol}"
               algorithm="${jazz.connector.algorithm}"
               URIEncoding="UTF-8"
               ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" />

And the Tomcat version is 8.5.34, and here is the error which we are receiving in the log.

13-Nov-2022 16:24:59.451 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-443]]
 org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-443]]
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    ... 12 more
Caused by: java.lang.IllegalArgumentException: Alias name [server] does not identify a key entry
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:115)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:86)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1087)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:265)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
    ... 13 more
Caused by: java.io.IOException: Alias name [server] does not identify a key entry
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:229)
    at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:79)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:113)
    ... 20 more

Let me know if anything else is required, or any suggestions.

Thanks
Ram

On Mon, Nov 14, 2022 at 3:05 AM Thomas Hoffmann (Speed4Trade GmbH) <thomas.hoffm...@speed4trade.com.invalid> wrote:

> Hello,
>
> maybe you have several keys in your keystore file.
> You can e.g. use https://code.google.com/archive/p/keytool-iui/ to take
> an easy look into your keystore file.
> You can delete the old one or use the connector attribute
> certificateKeyAlias to tell tomcat which key to use.
> The keys can be imported with an alias which must match the attribute.
>
> I personally prefer pfx format instead of java keystore. There is no need
> for an import and easier to handle.
> In order to use pfx you need to set the attribute keystoreType=pkcs12
> Pfx holds the private key and the public certificate.
>
> If this doesn’t help, please tell the tomcat version as the configuration
> depends on the version.
> Also the connector snippet is helpful (hide the password).
>
> Greetings, Thomas
>
> > -----Original Message-----
> > From: thulasiram k <ktr...@gmail.com>
> > Sent: Sunday, 13 November 2022 16:53
> > To: Tomcat Users List <users@tomcat.apache.org>
> > Subject: Alias name [server] does not identify a key entry + tomcat SSL
> >
> > Hi Team,
> >
> > I am trying to renew my existing certificate. When I import the new cert it has
> > imported successfully and I can view that in the listing as well.
> >
> > But when I restart my tomcat I am getting the below error and application is
> > not accessible with https.
> >
> > Error:
> > Caused by: java.lang.IllegalArgumentException: Alias name [server] does not identify a key entry
> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:115)
> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:86)
> >     at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244)
> >     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1087)
> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:265)
> >     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
> >     at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
> >     at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
> >     ... 13 more
> > Caused by: java.io.IOException: Alias name [server] does not identify a key entry
> >     at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:229)
> >     at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:79)
> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:113)
> >     ... 20 more
> >
> > I tried exporting with a private key and configuring the keystoreType="PKCS12"
> > but still no luck. Please help me with this issue if anyone has faced a similar
> > situation.
> >
> > Thanks
> > Ram
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
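
Added example, not part of the thread and not Tomcat's own code: the error in the trace says the alias named in keyAlias is not a key entry in the loaded keystore, and java.security.KeyStore can answer that question directly. The class name KeystoreAliasCheck and its three arguments are made up for illustration; the program lists every alias with its entry type and reports whether the configured alias carries a private key.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

// Added diagnostic example, not Tomcat code.
// Build and run: javac KeystoreAliasCheck.java && java KeystoreAliasCheck <file> <type> <alias>
public class KeystoreAliasCheck {

    // Classify the entry stored under an alias.
    static String describe(KeyStore ks, String alias) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "MISSING (no such alias in this store)";
        }
        if (ks.isKeyEntry(alias)) {
            // Key entry: a private key with its certificate chain is what a TLS server needs.
            Certificate[] chain = ks.getCertificateChain(alias);
            return "KEY ENTRY, chain length " + (chain == null ? 0 : chain.length);
        }
        // Certificate imported without its private key (keytool lists it as trustedCertEntry).
        return "CERTIFICATE ONLY, no private key";
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: KeystoreAliasCheck <file> <type, e.g. PKCS12> <alias>");
            System.exit(2);
        }
        // Prompt for the password so it stays out of shell history and the process list.
        Console console = System.console();
        if (console == null) {
            System.err.println("no interactive console available for the password prompt");
            System.exit(2);
        }
        char[] password = console.readPassword("Keystore password: ");

        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        // List everything first: the key may sit under a different alias than the configured one.
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + " -> " + describe(ks, alias));
        }
        String verdict = describe(ks, args[2]);
        System.out.println("configured alias [" + args[2] + "] -> " + verdict);
        System.exit(verdict.startsWith("KEY ENTRY") ? 0 : 1);
    }
}
```

An exit status of 0 means the alias holds a key entry; 1 means it is missing or holds only a certificate, which is the condition the connector rejects at startup.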