0
votes

I'm stuck with a problem configuring SSL/TLS on Tomcat. The problem is as follows: I import my certificate using the keytool command, but when configuring server.xml I get two issues: if I specify the keyAlias attribute as:

<Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200" keyAlias="tomcat"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/opt/tomcat/ssl/mykeystorefile.keystore" keystorePass="****"
           clientAuth="false" sslProtocol="TLS"/>

I get the exception:

org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:113)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
Caused by: org.apache.catalina.LifecycleException: L''initialisation du gestionnaire de protocole a échoué
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:996)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    ... 12 more
Caused by: java.lang.IllegalArgumentException: Le nom alias [tomcat] n'identifie pas une entrée de clef
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1086)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
    ... 13 more
Caused by: java.io.IOException: Le nom alias [tomcat] n'identifie pas une entrée de clef
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:229)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
    ... 20 more

and when not specifying the attribute I get the same exception with null instead of the tomcat entry. Thanks for your help,

1
Please post the entire stack trace, even if it's hundreds of lines long. What you have already posted doesn't include enough information. - Christopher Schultz
Use keytool -list to show the keystore content. Maybe you missed one step when generating the private key, and importing its certificate. - Eugène Adell

1 Answers

0
votes

Thanks for your help. I had indeed missed including the private key in the JKS file. I followed this tutorial, and it worked: https://www.wowza.com/docs/How-to-request-an-SSL-certificate-from-a-certificate-authority
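
The keystore check suggested in the comments, as an added example that is not part of the original thread: it reads `keytool -list` output and reports whether the alias named in `keyAlias` is a `PrivateKeyEntry` or only a `trustedCertEntry`, which is the condition behind the exception above. The function names and both sample listings are constructed for illustration, and the parser assumes English-style listing lines whose alias contains no comma.

```shell
#!/bin/sh
# Added example. Sample listings are constructed; fingerprints are placeholders.

# Constructed: certificate imported on its own, no private key in the keystore.
BROKEN_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Jan 12, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>'

# Constructed: key pair under the alias, CA certificate under a second alias.
FIXED_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

rootca, Jan 12, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
tomcat, Jan 12, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): <placeholder>'

# Print the entry type listed for alias $1; reads `keytool -list` output on stdin.
# Entry lines are "alias, date, type," and the date may contain ", " itself,
# so the alias is the first field and the type is the last one.
entry_type() {
    awk -v want="$1" '
        {
            line = $0
            sub(/,[ \t]*$/, "", line)               # drop the trailing comma
            n = split(line, f, ", ")
            if (n >= 3 && f[1] == want && f[n] ~ /Entry$/) { print f[n]; found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# Return 0 only if the alias holds a private key, which keyAlias must point to.
alias_is_key_entry() {
    t=$(entry_type "$1") || { echo "alias '$1' not found in keystore"; return 2; }
    case "$t" in
        PrivateKeyEntry) echo "alias '$1' is a PrivateKeyEntry"; return 0 ;;
        *) echo "alias '$1' is a $t, not a key entry"; return 1 ;;
    esac
}

# Against a real keystore (keytool prompts for the password):
#   keytool -list -keystore /opt/tomcat/ssl/mykeystorefile.keystore | alias_is_key_entry tomcat
```

Omitting `-storepass` keeps the keystore password out of the shell history and the process list.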