Tomcat - null pointer exception when starting with SSL connector

Question

I want to add SSL possibilities to my Tomcat 9.0 server. As Tomcat's instruction said, I've generated a key with keytool and added a following connector to server.xml file

<Connector
       protocol="org.apache.coyote.http11.Http11NioProtocol"
       port="8443" maxThreads="200"
       scheme="https" secure="true" SSLEnabled="true"
       keystoreFile="C:\Moje_programy\spring\apache-tomcat-9.0.0.M11\klucz" keystorePass="samplepassword"
       clientAuth="false" sslProtocol="TLS"/>

When I'm trying to start server I'm getting the following error (and ssl port is not working):

12-Nov-2016 13:06:18.187 WARNING [main] org.apache.tomcat.util.net.openssl.OpenSSLContext.init Error initializ ing SSL context  java.lang.NullPointerException
        at org.apache.tomcat.util.net.openssl.OpenSSLContext.init(OpenSSLContext.java:276)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:80)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:866)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:575)
        at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:944)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:105)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:105)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:873)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:105)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)

I don't know if it's some bug, or I made something incorrect..

Answer 1

The solution is suprising, but during key generation, alias property must be set to "tomcat"

There is my example:

c:\Program Files\Java\jdk1.8.0_112\bin>keytool -genkey -alias tomcat -keyalg RSA -keystore C:\Moje_programy\spring\apache-tomcat-9.0.0.M11\klucz

Answer 2

I found another answer assisted by your answer as well. You can have custom certificate alias and my method like below

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="<path to keystore>\myks.jks"
            certificateKeystorePassword="abc123"
            certificateKeyAlias="giganet.com"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>