Pressed send too quickly -- I see different aliases there. Ignore my previous comments....
Using PEM files is much simpler to manage, I would go that route instead... will make it easier. However, I can't offer any real advice on the specific issue at this time... Others will certainly be more helpful than I...sorry.

On Mon, Mar 20, 2023 at 9:14 PM Robert Turner <rtur...@e-djuster.ca> wrote:

> I believe the default certificate alias used by Tomcat is "tomcat". I
> think you are creating your keystore with the alias "root".
>
> (see https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html for docs on
> Tomcat SSL configuration -- adjust for the version you are running)
>
> On Mon, Mar 20, 2023 at 9:09 PM Ralph Grove <rfgr...@icloud.com.invalid>
> wrote:
>
>> I'm having a problem installing a new SSL certificate on a GoDaddy-hosted
>> server running Tomcat. Any suggestions for resolving it would be
>> appreciated.
>>
>> I set up the server last year and installed the SSL certificate with no
>> problem. This year, after the original certificate expired, I downloaded
>> the new certificate provided by GoDaddy, removed the old certificate files
>> from the keystore, and installed the new ones. Now Tomcat is throwing a
>> "java.io.IOException: jsse.alias_no_key_entry" exception when it tries to
>> open the HTTPS connector. I also tried rebuilding the keystore from scratch
>> and requesting a new certificate, but am getting the same exception with
>> that certificate.
>>
>> These are the commands I used to obtain and install the certificate:
>>
>> sudo keytool -genkey -alias tomcat -keyalg RSA -keystore keystore.jks
>>
>> sudo keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore keystore.jks
>>
>> (--request and obtain certificate files from GoDaddy--)
>>
>> sudo keytool -import -alias root -keystore keystore.jks -trustcacerts -file gdcerts/gdroot-g2.crt
>>
>> sudo keytool -import -alias inter -keystore keystore.jks -trustcacerts -file gdcerts/gd_bundle-g2-g1.crt
>>
>> sudo keytool -import -alias tomcat -keystore keystore.jks -file gdcerts/xxxxxxxxxxxx.crt
>>
>> And this is the Tomcat configuration for the connector:
>>
>> <Connector port="8443"
>>            protocol="org.apache.coyote.http11.Http11NioProtocol"
>>            maxThreads="150" SSLEnabled="true">
>>   <SSLHostConfig>
>>     <Certificate certificateKeystoreFile="conf/keystore.jks"
>>                  type="RSA" certificateKeystorePassword="xxxxxx" />
>>   </SSLHostConfig>
>> </Connector>
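
The exception in this thread names an alias without a key entry, and `keytool -list` shows which kind of entry each alias holds. The script below is an added example, not part of the original messages: the function names and both sample listings are constructed, and it assumes keytool's default `alias, date, entry type,` listing lines.

```shell
#!/bin/sh
# On a server, feed it the real listing, e.g.:
#   keytool -list -keystore conf/keystore.jks | check_key_entry tomcat

# Print the entry type recorded for alias $1, or "missing".
# stdin: text output of `keytool -list`.
entry_type() {
    awk -v want="$1" '
        {
            line = $0
            sub(/,[ \t\r]*$/, "", line)      # drop the trailing comma
            n = split(line, f, /, */)        # alias, date parts..., type
            if (n >= 3 && f[1] == want && f[n] ~ /Entry$/) {
                print f[n]; found = 1; exit
            }
        }
        END { if (!found) print "missing" }'
}

# Return 0 if alias $1 holds a private key, 1 if it holds only a
# certificate, 2 if the alias is not in the keystore at all.
check_key_entry() {
    t=$(entry_type "$1")
    case "$t" in
        PrivateKeyEntry) echo "$1: PrivateKeyEntry (key plus certificate chain)"; return 0 ;;
        missing)         echo "$1: alias not found in keystore"; return 2 ;;
        *)               echo "$1: $t, no private key under this alias"; return 1 ;;
    esac
}

# Constructed sample listings (not taken from the poster's server).
GOOD_LISTING='Keystore type: PKCS12
Your keystore contains 3 entries

inter, Mar 20, 2023, trustedCertEntry,
root, Mar 20, 2023, trustedCertEntry,
tomcat, Mar 20, 2023, PrivateKeyEntry,'

# Same aliases, but "tomcat" is certificate-only.
BAD_LISTING='Keystore type: PKCS12
Your keystore contains 3 entries

inter, Mar 20, 2023, trustedCertEntry,
root, Mar 20, 2023, trustedCertEntry,
tomcat, Mar 20, 2023, trustedCertEntry,'

printf '%s\n' "$GOOD_LISTING" | check_key_entry tomcat
printf '%s\n' "$BAD_LISTING"  | check_key_entry tomcat || :
```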