Tomcat - Resolve "Alias name does not identify a key entry"


Let's say you are getting something like this in your Tomcat application server logs, such as catalina.log or catalina.out.

09-Feb-2023 02:54:09.779 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8443]]
        org.apache.catalina.LifecycleException: Protocol handler initialization failed
        Caused by: java.lang.IllegalArgumentException: Alias name [example.com] does 
        Caused by: java.io.IOException: Alias name [example.com] does not identify a key entry

 

Your Tomcat server.xml file probably has a Connector that sets keyAlias and keystoreFile, the keystore file that contains the key.

<Connector 
  port="8443" 
  protocol="HTTP/1.1" 
  SSLEnabled="true" 
  maxThreads="150" 
  scheme="https" 
  secure="true"
  clientAuth="false"
  sslProtocol="TLS" 
  keystoreFile="keystore.p12" 
  keystorePass="itsasecret" 
  keyAlias="www.example.com"
/>

 

The Java keytool command can be used to list the contents of the keystore.

~]$ keytool -keystore /path/to/keystore.p12 -storetype pkcs12 -list
Keystore type: PKCS12
Keystore provider: SUN


Your keystore contains 2 entries

DigiCert, Aug 21, 2023, trustedCertEntry, 
Certificate fingerprint (SHA1): 1E:0C:EB:DC:CA:E3:DC:16:76:77:EE:BE:91:9B:43:3D:9D:10:15:8E
GoDaddy, Oct 14, 2023, trustedCertEntry, 
Certificate fingerprint (SHA1): 8A:7B:10:43:A1:BE:78:D0:CF:12:9F:02:8C:99:F2:3D:1A:69:81:1D
example.com, May 12, 2023, PrivateKeyEntry,
Certificate fingerprint (SHA1): D0:80:B9:77:80:F9:DA:FF:77:54:4F:36:B1:A8:03:6F:25:EE:1C:72

 

The Java keytool command with the -alias and -v (verbose) flags can be used to display the details of a trustedCertEntry or PrivateKeyEntry in the keystore. The Alias name of the trustedCertEntry or PrivateKeyEntry should be an exact match of the keyAlias in your Tomcat server.xml file.

~]# keytool -keystore /path/to/keystore.p12 -storetype pkcs12 -list -v -alias example.com

Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: example.com
Creation date: Feb 10, 2023
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=www.example.com, OU=Information Technology, O=Acme, L=Appleton, ST=WI, C=US
Issuer: CN=IntermediateCA, DC=example, DC=com
Serial number: 3a000001d8af30a16a44402b790001000001d8
Valid from: Wed Jun 29 14:30:15 UTC 2022 until: Thu Jun 29 14:30:15 UTC 2023
Certificate fingerprints:
         SHA1: D0:80:B9:77:80:F9:DA:FF:77:54:4F:36:B1:A8:03:6F:25:EE:1C:72
         SHA256: 14:8C:CD:59:A9:C4:48:45:33:28:C3:AE:E7:6C:B6:1E:0A:F5:3B:9C:64:E5:BB:02:69:30:81:D9:6D:5F:06:AD
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
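
The comparison described above can be scripted. This is an added example, not code from the original article: it reads keyAlias from the Connector in server.xml and checks it against keytool -list output. Because the error asks for a key entry, it reports both an alias that is absent and an alias whose Entry type is not PrivateKeyEntry. The embedded server.xml and listing are constructed samples, the function names are hypothetical, and the entry-line pattern assumes keytool's English date format.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on the article's server.xml and keytool -list output.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             keystoreFile="keystore.p12" keyAlias="www.example.com" />
</Service></Server>"""

KEYTOOL_LIST = """Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

DigiCert, Aug 21, 2023, trustedCertEntry,
Certificate fingerprint (SHA1): 00:11:22:33
example.com, May 12, 2023, PrivateKeyEntry,
Certificate fingerprint (SHA1): 44:55:66:77
"""

# Entry lines look like "<alias>, <Mon D, YYYY>, <type>Entry," (assumed English locale).
ENTRY_RE = re.compile(r"^(.+?), [A-Z][a-z]{2} \d{1,2}, \d{4}, (\w+Entry),\s*$")

def keystore_entries(listing):
    """Map each alias in a keytool -list listing to its entry type."""
    entries = {}
    for line in listing.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group(1)] = m.group(2)
    return entries

def connector_aliases(server_xml):
    """Return (port, keyAlias) for every Connector that sets keyAlias."""
    root = ET.fromstring(server_xml)
    return [(c.get("port"), c.get("keyAlias"))
            for c in root.iter("Connector") if c.get("keyAlias")]

def diagnose(alias, entries):
    """Classify a keyAlias against the keystore listing."""
    if alias not in entries:
        return "missing"           # no entry with exactly this alias
    if entries[alias] != "PrivateKeyEntry":
        return "not-a-key-entry"   # e.g. trustedCertEntry: certificate only, no private key
    return "ok"

def check(server_xml, listing):
    """Return {port: (keyAlias, verdict)} for each Connector that sets keyAlias."""
    entries = keystore_entries(listing)
    return {port: (alias, diagnose(alias, entries))
            for port, alias in connector_aliases(server_xml)}
```

With the samples above, `check(SERVER_XML, KEYTOOL_LIST)` reports the 8443 Connector's keyAlias as missing, because the keystore's key entry is stored under example.com rather than www.example.com.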

 



