I have a existing certificate (abc.crt) on Jboss server. This certificate is used in existing application to authenticate users from other system. Now I am working on migrating this application from Jboss to Tomcat 9.
Based on some online information, I have come to know to follow below steps to import the certificate in tomcat
- Create keystore
keytool -importcert -file abc.crt -keystore xyz.jks -alias=pingfedcert
- Modify server.xml and add connector
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" /> <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="conf/xyz.jks" keystorePass="pingfed12" keyAlias="pingfedcert" />
Tomcat server restart and I get below error on server restart
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-443]] org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:1049) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:556) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1042) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) at org.apache.catalina.startup.Catalina.load(Catalina.java:724) at org.apache.catalina.startup.Catalina.load(Catalina.java:746) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:483) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475) Caused by: java.lang.IllegalArgumentException: Alias name [pingfedcert] does not identify a key entry at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107) at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71) at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:234) at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1227) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1240) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:603) at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:80) at org.apache.catalina.connector.Connector.initInternal(Connector.java:1046) ... 13 more Caused by: java.io.IOException: Alias name [pingfedcert] does not identify a key entry at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:337) at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:98) at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247) at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
As I am new to tomcat, not sure whats wrong with these steps. Any idea?
