I have been given a .pem file and a password by the client company to add on JBoss AS7.

Here is what I have done:

  1. `keytool -import -alias runtime -file mymobile.com.pem -keystore /opt/my/ssl/my.keystore`
  2. It prompts for the password for the keystore and I pass the password given to me.
  3. After that it confirms the password and then asks if I trust the certificate.
  4. On entering YES, it displays a message that the certificate has been added to the keystore, and the keystore is generated at the specified path.
  5. Now I add the following in standalone.xml in my JBoss: `<ssl name="ssl" key-alias="runtime" password="mypass" certificate-key-file="/opt/my/ssl/jboss.keystore" cipher-suite="ALL" protocol="TLS"/>`

But when I restart JBoss, it throws this error:

2013-03-14 10:18:32,249 ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-22) Error initializing endpoint: java.io.IOException: **Alias name runtime does not identify a key entry**
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:517) [jbossweb-7.0.13.Final.jar:]
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452) [jbossweb-7.0.13.Final.jar:]
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168) [jbossweb-7.0.13.Final.jar:]
    at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.13.Final.jar:]

Please help me with this, as I am under pressure from the client...

martijno
user111001
  • "Now I add the following" - you don't state what you've added to standalone.xml. – Simon Nickerson Mar 14 '13 at 21:40
  • Hey Simon... I have added what I did in standalone, regarding the keystore. Please look if you have any clue. – user111001 Mar 14 '13 at 21:53
  • Could you post your output for `keytool -list -v -alias runtime -keystore /opt/my/ssl/my.keystore` – Simon Nickerson Mar 14 '13 at 21:56
  • Is the original PEM file a PKCS12 file? If so, you might want to try `-importkeystore` instead of `-import` in the first keytool command. – martijno Mar 14 '13 at 22:04
  • Here is the output of the command you asked for: Enter keystore password: runtime, Mar 14, 2013, trustedCertEntry, Certificate fingerprint (SHA1): 1D:27:97:E4:8B:86:45:96:47:1B:BB:F0:3D:F0:5C:BF:E6:CE:DB:B9 – user111001 Mar 14 '13 at 22:09
  • @Martijno Hi, if I use importkeystore I get the following error: keytool error: java.lang.Exception: Please specify -srckeystore – user111001 Mar 14 '13 at 22:11
  • Sounds like your issue is the same as http://stackoverflow.com/questions/8799660/tomcat-ssl-error-alias-name-does-not-identify-a-key-entry . Your file is a certificate, not a private key, which is what JBoss/Tomcat needs – Simon Nickerson Mar 14 '13 at 22:15
  • Yeah, I already read that, but I learned that the tags mentioned there don't go with standalone.xml. Can you tell me what I use in place of the keystoreType tag? – user111001 Mar 14 '13 at 22:27
  • I don't think you can fix this just by changing your configuration file. You're missing the private key, which Tomcat requires and which can't be generated from the certificate (which is what you've given it). – Simon Nickerson Mar 14 '13 at 22:35
  • See also http://www.java.net/forum/topic/glassfish/glassfish/alias-name-xxxx-does-not-identify-key-entry which looks relevant to your problem. – Simon Nickerson Mar 14 '13 at 22:36
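
The check the comments arrive at, as an added example that is not part of the original thread: before restarting the server, confirm that the PEM actually contains a private key and that the alias is a `PrivateKeyEntry` rather than a `trustedCertEntry`. The function names, file names and sample lines are constructed for illustration (the listing lines are modelled on the `keytool -list` output quoted in the comments); `build_keystore` assumes the matching private key has been obtained from the client.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for "Alias name ... does not identify a key entry".
# Sample keytool lines and PEM stubs below are constructed, not real output or key material.

# 0 if the PEM file carries a private-key block, 1 if it holds certificates only.
pem_has_private_key() {
    grep -Eq -e '-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' "$1"
}

# Print the entry type for alias $1, reading `keytool -list` output on stdin.
# Entry lines look like: "runtime, Mar 14, 2013, trustedCertEntry,"
entry_type() {
    awk -F', *' -v a="$1" '
        $1 == a { for (i = 2; i <= NF; i++) if ($i ~ /Entry$/) { print $i; exit } }'
}

# A TLS connector needs key + certificate chain, i.e. a PrivateKeyEntry.
alias_usable_for_tls() {
    [ "$(entry_type "$1")" = "PrivateKeyEntry" ]
}

# Once the matching private key is available: bundle key + cert as PKCS12, then
# convert to a Java keystore. Args: cert.pem key.pem alias dest.keystore
# (both tools prompt for passwords; not invoked by the demo below).
build_keystore() {
    openssl pkcs12 -export -in "$1" -inkey "$2" -name "$3" -out "$4.p12" &&
    keytool -importkeystore -srckeystore "$4.p12" -srcstoretype PKCS12 -destkeystore "$4"
}

# --- demo on constructed data ---
CERT_ONLY_LIST='runtime, Mar 14, 2013, trustedCertEntry,'
WITH_KEY_LIST='runtime, Mar 14, 2013, PrivateKeyEntry,'
DEMO_DIR=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' '(stub)' '-----END CERTIFICATE-----' \
    > "$DEMO_DIR/cert_only.pem"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' '(stub)' '-----END PRIVATE KEY-----' \
    '-----BEGIN CERTIFICATE-----' '(stub)' '-----END CERTIFICATE-----' \
    > "$DEMO_DIR/key_and_cert.pem"

for f in cert_only key_and_cert; do
    if pem_has_private_key "$DEMO_DIR/$f.pem"; then echo "$f.pem: private key present"
    else echo "$f.pem: certificate only, cannot back a TLS connector"; fi
done
printf '%s\n' "$CERT_ONLY_LIST" | alias_usable_for_tls runtime || echo "cert-only keystore: alias not usable"
printf '%s\n' "$WITH_KEY_LIST" | alias_usable_for_tls runtime && echo "key+cert keystore: alias usable"
```

In real use, pipe `keytool -list -keystore <path>` into `alias_usable_for_tls <alias>` and run `pem_has_private_key` on the file received from the client.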
