Tomcat fails to find a key entry in keystore

https ssl tomcat

For anyone else who stumbles upon this: The key (pun not intended) is to import your certificate using the same alias as the one you used to originally create they keystore (along with its private key) when you ran 'keytool -genkey-alias myalias ...' -- this is how Tomcat ties the private key with your new certificate when it is imported.

Basically, like other commenters said, in the end your own cert should NOT show as a "trustedCertEntry" in a 'keytool -list' -- it needs to be a "PrivateKeyEntry", see below example:

keytool -list -keystore sample.keystore

Your keystore contains 1 entry
example, Aug 28, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): 12:E0:20:64:92:8A(...)

You can find out the original alias by running 'keytool -list', and looking for the PrivateKeyEntry entry. If all goes well when you import your new CA-provided cert (i.e., you use the same alias and your keys match), the new cert will be automagically absorbed into the PrivateKeyEntry. This is the alias you'll need to refer to in Tomcat's server.xml file.

Related

Limiting the amount of guests on a Hyper-V host
KVM: maximum number of cores and amount of memory for VMs
How to safeguard a shell script against running out of control?
Why won't this apt pinning stick?
How can I apt-pin stable?
'pip install carbon' looks like it works, but pip disagrees afterward
Forwarding linux terminal from serial port to TCP with socat
public ip resolves externally but not internally
I can't ssh into a remote server when it runs out of memory even though the swap isn't fully used
Requests in IIS' "SendResponse" state stuck for a long time; Slow IIS 7.5/ASP.NET 4.0 web application
Is it possible to redirect (or create an alias) so that requests for a default instance of SQL redirect to a named instance?
Why are my remote shells talking to me in Italian?