Even though I removed the alias it is giving the same error.
On Mon, Nov 14, 2022 at 12:50 PM Thomas Hoffmann (Speed4Trade GmbH)
<thomas.hoffm...@speed4trade.com.invalid> wrote:
> Hello,
> What happens if you remove the keyalias Attribute?
> ________________________________
> Von: thulasiram k <ktr...@gmail.com>
> Gesendet: Montag, 14. November 2022 04:10:18
> An: Tomcat Users List
> Betreff: Re: Alias name [server] does not identify a key entry + tomcat SSL
>
> Hi Thomas,
>
> Thanks for helping me here. I have deleted the old certs so only new certs
> are in the key store. I tried with a pfx file but still the same issue and
> I have mentioned the server.xml with the alias and type also. here the
> config which I have in my file.
>
> <Connector port="443"
> connectionTimeout="20000"
> maxHttpHeaderSize="8192"
> maxThreads="150"
> minSpareThreads="25"
> enableLookups="false"
> disableUploadTimeout="true"
> acceptCount="100"
> scheme="https"
> secure="true"
> clientAuth="false"
> keystoreFile="<file location>\application.p12"
> keystorePass="*****"
> keystoreType="PKCS12"
> keyAlias="server"
> protocol="HTTP/1.1"
> SSLEnabled="true"
> sslProtocol="${jazz.connector.sslProtocol}"
> algorithm="${jazz.connector.algorithm}"
> URIEncoding="UTF-8"
> ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" />
>
> And the tomcat version is 8.5.34. and here is the error which we are
> receiving in the log.
>
> 13-Nov-2022 16:24:59.451 SEVERE [main]
> org.apache.catalina.core.StandardService.initInternal Failed to initialize
> connector [Connector[HTTP/1.1-443]]
> org.apache.catalina.LifecycleException: Failed to initialize component
> [Connector[HTTP/1.1-443]]
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
> at
>
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> at
>
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> at java.lang.reflect.Method.invoke(Unknown Source)
> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
> Caused by: org.apache.catalina.LifecycleException: Protocol handler
> initialization failed
> at org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> ... 12 more
> Caused by: java.lang.IllegalArgumentException: Alias name [server] does not
> identify a key entry
> at
> org.apache.tomcat.util.net
> .AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:115)
> at
> org.apache.tomcat.util.net
> .AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:86)
> at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244)
> at
> org.apache.tomcat.util.net
> .AbstractEndpoint.init(AbstractEndpoint.java:1087)
> at
> org.apache.tomcat.util.net
> .AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:265)
> at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
> at
>
> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
> at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
> ... 13 more
> Caused by: java.io.IOException: Alias name [server] does not identify a key
> entry
> at
> org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:229)
> at
> org.apache.tomcat.util.net
> .openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:79)
> at
> org.apache.tomcat.util.net
> .AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:113)
> ... 20 more
>
>
> let me know anything else required or suggestions.
>
> Thanks
> Ram
>
> On Mon, Nov 14, 2022 at 3:05 AM Thomas Hoffmann (Speed4Trade GmbH)
> <thomas.hoffm...@speed4trade.com.invalid> wrote:
>
> > Hello,
> >
> > maybe you have several keys in your keystore file.
> > You can e.g. use https://code.google.com/archive/p/keytool-iui/ to take
> > an easy look into your keystore file.
> > You can delete the old one or use the connector attribute
> > certificateKeyAlias to tell tomcat which key to use.
> > The keys can be imported with an alias which must match the attribute.
> >
> > I personally prefer pfx format instead of java keystore. There is no need
> > for an import and easier to handle.
> > In order to use pfx you need to set the attribute keystoreType=pkcs12
> > Pfx holds the private key and the public certificate.
> >
> > If this doesn’t help, please tell the tomcat version as the configuration
> > depends on the version.
> > Also the connector snippet is helpful (hide the password).
> >
> > Greetings, Thomas
> >
> > > -----Ursprüngliche Nachricht-----
> > > Von: thulasiram k <ktr...@gmail.com>
> > > Gesendet: Sonntag, 13. November 2022 16:53
> > > An: Tomcat Users List <users@tomcat.apache.org>
> > > Betreff: Alias name [server] does not identify a key entry + tomcat SSL
> > >
> > > Hi Team,
> > >
> > > I am trying to renew my existing certificate. when I import the new
> cert
> > it has
> > > imported successfully and I can view that in the listing as well.
> > >
> > > But when I restart my tomcat I am getting the below error and
> > application is
> > > not accessible with https.
> > >
> > > Error:
> > > Caused by: java.lang.IllegalArgumentException: Alias name [server] does
> > not
> > > identify a key entry at
> > > org.apache.tomcat.util.net
> > .AbstractJsseEndpoint.createSSLContext(AbstractJsse
> > > Endpoint.java:115)
> > > at
> > > org.apache.tomcat.util.net
> > .AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoi
> > > nt.java:86)
> > > at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244)
> > > at
> > > org.apache.tomcat.util.net
> > .AbstractEndpoint.init(AbstractEndpoint.java:1087)
> > > at
> > > org.apache.tomcat.util.net
> > .AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:
> > > 265)
> > > at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
> > > at
> > >
> >
> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.j
> > > ava:68)
> > > at
> > org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
> > > ... 13 more
> > > Caused by: java.io.IOException: Alias name [server] does not identify a
> > key
> > > entry at
> > > org.apache.tomcat.util.net
> > .jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:229)
> > > at
> > > org.apache.tomcat.util.net
> > .openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.j
> > > ava:79)
> > > at
> > > org.apache.tomcat.util.net
> > .AbstractJsseEndpoint.createSSLContext(AbstractJsse
> > > Endpoint.java:113)
> > > ... 20 more
> > >
> > > I tried exporting with a private key and configuring the
> > keystoreType="PKCS12"
> > > but still no luck. Please help me with this issue if any one has faced
> a
> > similar
> > > situation.
> > >
> > > Thanks
> > > Ram
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>
