Wondering if someone can enlighten me on where I'm screwing this up! I have a keytool-created keystore, a primary, secondary and SSL cert from Thawte. I originally created the CSR with openssl, then using the process documented converted the private key to PKCS12 to import into the keystore.
I believe I have imported them all into the keystore OK (but obviously not!) but the error I'm getting from Tomcat is: 'java.io.IOException Alias name does not identify a key entry'
If I do a keytool -list -keystore keystore.ks
this is what I get:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 4 entries
secondary, Jun 22, 2012, trustedCertEntry,
Certificate fingerprint (MD5): EB:A3:71:66:38:5E:3E:F4:24:64:ED:97:52:E9:9F:1B
tomcat, Jun 22, 2012, trustedCertEntry,
Certificate fingerprint (MD5): EA:D0:43:F8:7F:D5:1C:4A:BA:A7:F4:64:A9:6A:A1:B0
primary, Jun 22, 2012, trustedCertEntry,
Certificate fingerprint (MD5): D6:6A:92:1C:83:BF:A2:AE:6F:99:5B:44:E7:C2:AB:2A
1, Jul 2, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): EA:D0:43:F8:7F:D5:1C:4A:BA:A7:F4:64:A9:6A:A1:B0
I'm pretty sure my Tomcat server.xml is ok but here it is too for the https connector:
<Connector port="443"
protocol="org.apache.coyote.http11.Http11Protocol"
maxHttpHeaderSize="8192"
SSLEnabled="true"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false"
disableUploadTimeout="true"
acceptCount="100"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
URIEncoding="UTF-8"
keystorePass="xxxxxx"
keystoreFile="/keys/keystore.ks"
keyAlias="tomcat"/>
Any ideas? This is the first time I've done this so maybe I've messed up something blindingly obvious?
The site works fine on port 80.
Would LOVE to hear some suggestions :)
"keyAlias: The alias used for the server key and certificate in the keystore. If not specified, the first key read from the keystore will be used. The order in which keys are read from the keystore is implementation dependent."
An alias is specified when you add an entity to the keystore using the -genseckey command to generate a secret key, -genkeypair command to generate a key pair (public and private key) or the -importcert command to add a certificate or certificate chain to the list of trusted certificates.
When you list alias with keytool, the alias name is what's before the comma for each entry. Here, you have 4 entries: secondary, tomcat, primary and 1. Only alias 1 is for a private key.
(Note that you can use a PKCS#12 file directly using keystoreType="PKCS12" instead.)
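An added example, not part of the answer above and not Tomcat's own code: a pre-flight check that parses `keytool -list` output and a Connector element and reports whether keyAlias names a PrivateKeyEntry. The function names are hypothetical, and the entry-line layout assumed is the one shown in the question (keytool's date format varies with locale).

```python
import re
import xml.etree.ElementTree as ET

# Entry lines from the question's `keytool -list` output (fingerprint lines omitted).
LISTING = """\
Keystore type: JKS
Your keystore contains 4 entries
secondary, Jun 22, 2012, trustedCertEntry,
tomcat, Jun 22, 2012, trustedCertEntry,
primary, Jun 22, 2012, trustedCertEntry,
1, Jul 2, 2012, PrivateKeyEntry,
"""

# The question's connector, trimmed to the attributes that matter for this check.
CONNECTOR = ('<Connector port="443" SSLEnabled="true" '
             'keystoreFile="/keys/keystore.ks" keyAlias="tomcat"/>')

# "<alias>, <date>, <entry type>," with the alias taken up to the first ", ".
ENTRY = re.compile(r"^(?P<alias>.+?), .*, (?P<type>\w+Entry),?[ \t]*$", re.MULTILINE)

def entries(listing):
    """Map each alias in `keytool -list` output to its entry type."""
    return {m["alias"]: m["type"] for m in ENTRY.finditer(listing)}

def check_key_alias(listing, connector_xml):
    """Return (ok, message) for the connector's keyAlias against the listing."""
    found = entries(listing)
    keys = [a for a, t in found.items() if t == "PrivateKeyEntry"]
    alias = ET.fromstring(connector_xml).get("keyAlias")
    if not keys:
        return False, "keystore has no PrivateKeyEntry"
    if alias is None:
        # Per the quoted documentation, the first key read is used.
        return True, "keyAlias not set; first key read is used"
    if alias not in found:
        return False, f"alias {alias!r} not in keystore; key entries: {keys}"
    if found[alias] != "PrivateKeyEntry":
        return False, f"alias {alias!r} is a {found[alias]}; key entries: {keys}"
    return True, f"alias {alias!r} is a PrivateKeyEntry"

if __name__ == "__main__":
    print(check_key_alias(LISTING, CONNECTOR))
    print(check_key_alias(LISTING, CONNECTOR.replace('"tomcat"', '"1"')))
```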