I believe the default certificate alias used by Tomcat is "tomcat". I think you are creating your keystore with the alias "root".
(see https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html for docs on Tomcat SSL configuration -- adjust for the version you are running) On Mon, Mar 20, 2023 at 9:09 PM Ralph Grove <rfgr...@icloud.com.invalid> wrote: > I'm having a problem installing a new SSL certificate on a GoDaddy-hosted > server running Tomcat. Any suggestions for resolving it would be > appreciated. > > I set up the server last year and installed the SSL certificate with no > problem. This year, after the original certificate expired, I downloaded > the new certificate provided by GoDaddy, removed the old certificate files > from the keystore, and installed the new ones. Now Tomcat is throwing a > "java.io.IOException: jsse.alias_no_key_entry" exception when it tries to > open the HTTPS connector. I also tried rebuilding the keystore from scratch > and requesting a new certificate, but am getting the same exception with > that certificate. > > These are the commands I used to obtain and install the certificate: > > sudo keytool -genkey -alias tomcat -keyalg RSA -keystore keystore.jks > > sudo keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr > -keystore keystore.jks > > (--request and obtain certificate files from GoDaddy--) > > sudo keytool -import -alias root -keystore keystore.jks -trustcacerts > -file gdcerts/gdroot-g2.crt > > sudo keytool -import -alias inter -keystore keystore.jks -trustcacerts > -file gdcerts/gd_bundle-g2-g1.crt > > sudo keytool -import -alias tomcat -keystore keystore.jks -file > gdcerts/xxxxxxxxxxxx.crt > > > > And this is the Tomcat configuration for the connector: > > <Connector port="8443" > protocol="org.apache.coyote.http11.Http11NioProtocol" > > maxThreads="150" SSLEnabled="true"> > > <SSLHostConfig> > > <Certificate certificateKeystoreFile="conf/keystore.jks" > > type="RSA" certificateKeystorePassword="xxxxxx" /> > > </SSLHostConfig> > > </Connector> > >
