tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Problem bringing up SSL with a CA certificate
Date Mon, 23 Jan 2012 22:54:38 GMT
Hash: SHA1


On 1/18/12 12:37 PM, James Lampert wrote:
> So far, I've had complete success using self-signed certificates,
> both here and on the customer box, once I found out that the CN
> needs to match the domain name.


> But now, we're trying to get the customer box up on a CA-signed 
> certificate, and Tomcat doesn't like it. (Given that we haven't
> done it on our own box, it's kind of a case of the blind leading
> the blind.) We had our contact with the customer follow the
> procedure given on
> and I put the resulting keystore into service, started Tomcat, and
> got this in logs/catalina.out:
>> SEVERE: Failed to initialize end point associated with
>> ProtocolHandler ["http-bio-443"]          Throwable occurred:
>> Alias name tomcat does not identify a key
>> entry         at

Did you also put your server's key into the keystore?

> If I list the keystore, I get:
>> Keystore type: jks
>>  Keystore provider: IBMJCE
>> Your keystore contains 2 entries
>> root, Jan 18, 2012, trustedCertEntry,
>> Certificate fingerprint (MD5):
>> D6:6A:92:1C:83:BF:A2:AE:6F:99:5B:44:E7:C2:AB:2A tomcat, Jan 18,
>> 2012, trustedCertEntry,
>> Certificate fingerprint (MD5):
>> 55:D7:4D:D4:83:01:D6:E0:EB:A4:F3:9A:06:BD:87:38

It looks like you only have certificates. Did you forget to import the
key into the keystore?

- -chris
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools -
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message