Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share

0 votes
976 views
in Technique[技术] by (71.8m points)

ssl - How to resolve: java.io.IOException: jsse.alias_no_key_entry

I have a Debian virtual machine with Tomcat installed. I would like to install an SSL certificate so that my website uses HTTPS.

I received the following certificate files with my VM:

my-domain.cer  my-domain.chain.crt.pem  my-domain.crt.pem
my-domain.csr  my-domain.key  my-domain.ch.p7c

I created a keystore with the following command:

keytool -import -trustcacerts -alias tomcat -keystore keystore.jks -file my-domain.cer

Then, I modified the conf/server.xml file with the following code:

<Connector acceptCount="100" bindOnInit="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
        maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" useBodyEncodingForURI="true"
        keyAlias="tomcat" keystoreFile="/usr/local/tomcat/ssl/keystore.jks" keystorePass="PASSWORD" keystoreType="JKS"
        port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true"
        sslEnabledProtocols="TLSv1.2,TLSv1.3" SSLEnabled="true" clientAuth="false"/>

Unfortunately, I get the following error when starting Tomcat:

 org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:535)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1055)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:585)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:608)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:306)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:491)
Caused by: java.lang.IllegalArgumentException: jsse.alias_no_key_entry
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:224)
        at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1103)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1116)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:557)
        at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
        ... 13 more
Caused by: java.io.IOException: jsse.alias_no_key_entry
        at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:330)
        at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:104)
        at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:239)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
        ... 20 more

I do not understand where it can come from, because my alias is the right one...

Thank you in advance for your help


1 Answer

0 votes
by (71.8m points)

In my case, the cause of this issue was that the SSL key alias present in the application was not the same as the alias passed while creating the certificate.

keytool -genkeypair -keyalg RSA -alias dummyApp -keystore dummy-app.p12 -storepass password -validity 3650 -keysize 2048 -dname "CN=dummy-app, OU=Enterprise, O=Test, L=Unknown, ST=Unknown, C=US" -storetype pkcs12

To fix this, I had to correct the value of the server.ssl.key-alias property. As per the above SSL generation example, its value should be dummyApp.
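
A diagnostic for the error discussed on this page, as an added example that is not part of the original question or answer: Tomcat raises jsse.alias_no_key_entry when the configured alias is not a key entry in the keystore, which covers both an alias that does not exist and an alias that holds only a certificate. The function name `classify_alias` and both sample listings are constructed for illustration, and the parsing assumes English `keytool -list` output.

```shell
#!/bin/sh
# Added example (not from the original post). Classifies the alias a connector
# is configured with, from `keytool -list` output read on stdin.
# Assumption: English keytool output, where entry lines look like
#   <alias>, <date>, <entryType>,
# Prints: private-key | cert-only | secret-key | missing
classify_alias() {
    # Compared case-insensitively; assumption: the JDK keystore does the same.
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    result=missing
    while IFS= read -r line; do
        case "$line" in
            *", PrivateKeyEntry,"*)  kind=private-key ;;
            *", trustedCertEntry,"*) kind=cert-only ;;
            *", SecretKeyEntry,"*)   kind=secret-key ;;
            *) continue ;;   # headers, fingerprint lines, blanks
        esac
        found=$(printf '%s' "${line%%,*}" | tr '[:upper:]' '[:lower:]')
        if [ "$found" = "$want" ]; then result=$kind; fi
    done
    printf '%s\n' "$result"
}

# Constructed listing: what a keystore holding only an imported certificate
# under alias "tomcat" looks like.
CERT_ONLY_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Jan 5, 2021, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>'

# Constructed listing: a generated key pair stored under alias "dummyapp".
KEYPAIR_LISTING='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

dummyapp, Jan 5, 2021, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <placeholder>'

printf '%s\n' "$CERT_ONLY_LISTING" | classify_alias tomcat    # cert-only
printf '%s\n' "$KEYPAIR_LISTING"   | classify_alias dummyApp  # private-key
printf '%s\n' "$KEYPAIR_LISTING"   | classify_alias tomcat    # missing
```

On a real host, pipe the output of `keytool -list -keystore keystore.jks` into the function. A result of `cert-only` means the private key (here, my-domain.key) was never stored alongside the certificate, and `missing` means the configured alias does not match any entry.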

