tomcat-users mailing list archives

From Jose María Zaragoza <demablo...@gmail.com>
Subject Re: Alias name does not identify a key entry
Date Tue, 26 Jun 2018 15:55:47 GMT
On Tue, 26 Jun 2018 at 17:03, Cybulski, Adam M
(<acybulski@albany.edu>) wrote:
>
>
> Hello, I'm using Tomcat 8.5.4, on a server 2008R2 machine, and I'm unable to start the SSL connector.
>
> My connector syntax is as follows:
>
>   <Connector port="8080" protocol="HTTP/1.1"
>                connectionTimeout="20000"
>                redirectPort="8443" />
>
>                            <Connector port="8443"
>                            protocol="HTTP/1.1"
>                            maxThreads="150"
>                            scheme="https"
>                            secure="true"
>                            SSLEnabled="true"
>                            keystoreFile="c:\tomcat8\meg.keystore"
>                            keystorePass="keystorepass"
>                            keyAlias="meg" />
>
> To which I receive this error in Catalina.log:
>
> SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["https-openssl-nio-8443"]
>  java.lang.IllegalArgumentException: java.io.IOException: Alias name meg does not identify a key entry
>
> However, meg is in my keystore:
>
>
>
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 3 entries
>
> root, Jun 25, 2018, trustedCertEntry,
> Certificate fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:
> 68:85:18:68
> meg, Jun 25, 2018, trustedCertEntry,
> Certificate fingerprint (SHA1): 72:66:E4:05:94:C4:5B:4A:8A:26:20:F1:C5:7D:73:3B:
> 6F:24:D1:59
> tomcat, Jun 25, 2018, PrivateKeyEntry,
> Certificate fingerprint (SHA1): AC:D9:3B:37:E4:37:A3:E7:D2:27:D1:CF:88:D3:79:70:
> 84:C8:16:82
>
> I used these steps to manage the certs:
>
> keytool -genkey -alias tomcat -keyalg RSA -keystore c:\Tomcat8\meg.keystore
>
> keytool -certreq -keyalg RSA -alias tomcat -file c:\tomcat8\tomcatreq.csr -keystore c:\Tomcat8\meg.keystore
>
> Sent CSR to InCommon CA, downloaded x509 certificate, and x509 intermediates/root certificates.
>
> keytool -import -alias root -keystore c:\Tomcat8\meg.keystore -trustcacerts -file "C:\Tomcat8\meg_library_albany_edu_interm.cer"
>
> keytool -import -alias meg -keystore c:\Tomcat8\meg.keystore -file "C:\Tomcat8\meg_library_albany_edu_cert.cer"
>
> Any help you can give me in resolving this error is greatly appreciated.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>

Hi

I guess that the meg entry should be a PrivateKeyEntry (public
certificate + private key), not a trustedCertEntry.
I think that meg_library_albany_edu_cert.cer only contains a public certificate.

Honestly, I use openssl to create .p12 key stores.
Something like:

openssl pkcs12 -export -in MYCERT.crt -inkey MYKEY.key -out KEYSTORE.p12 -name "meg" -CAfile MY-CA-CERT.crt -caname myCA -chain

Regards
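
A pre-flight check for the situation in this thread, added here as an example and not part of the original messages: it reads `keytool -list` output and confirms that the alias used as the Connector's `keyAlias` is a `PrivateKeyEntry`. The function names and the embedded listing (modelled on the one quoted above, with placeholder fingerprints) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: check which kind of entry an alias
# holds, given `keytool -list` output on stdin.

# entry_type ALIAS: print the entry type stored under ALIAS, or "missing".
# Assumes aliases contain no commas. The entry type is searched for by name
# because the date field's layout depends on the JVM locale.
entry_type() {
    awk -F', *' -v want="$1" '
        tolower($1) == tolower(want) {   # JKS aliases are case-insensitive
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry)$/) {
                    print $i; found = 1; exit
                }
        }
        END { if (!found) print "missing" }'
}

# check_key_alias ALIAS: succeed only if ALIAS can serve as a TLS keyAlias.
check_key_alias() {
    kind=$(entry_type "$1")
    case "$kind" in
        PrivateKeyEntry) echo "OK: '$1' is a PrivateKeyEntry"; return 0 ;;
        missing)         echo "FAIL: no alias '$1' in the keystore"; return 2 ;;
        *)               echo "FAIL: '$1' is a $kind, not a PrivateKeyEntry"; return 1 ;;
    esac
}

# Constructed sample modelled on the listing in the thread
# (fingerprints replaced with placeholders).
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

root, Jun 25, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 00:00:00 (placeholder)
meg, Jun 25, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 00:00:00 (placeholder)
tomcat, Jun 25, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): 00:00:00 (placeholder)
EOF
}

sample_listing | check_key_alias meg || true   # FAIL: trustedCertEntry
sample_listing | check_key_alias tomcat        # OK
# Real use: keytool -list -keystore FILE | check_key_alias ALIAS
```

Against the listing in the thread, `meg` fails and `tomcat` passes, which matches the error Tomcat reports for `keyAlias="meg"`.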
