On 21/03/2023 01:09, Ralph Grove wrote:
I'm having a problem installing a new SSL certificate on a GoDaddy-hosted
server running Tomcat. Any suggestions for resolving it would be appreciated.
I set up the server last year and installed the SSL certificate with no problem. This
year, after the original certificate expired, I downloaded the new certificate provided
by GoDaddy, removed the old certificate files from the keystore, and installed the new
ones. Now Tomcat is throwing a "java.io.IOException: jsse.alias_no_key_entry"
exception when it tries to open the HTTPS connector. I also tried rebuilding the keystore
from scratch and requesting a new certificate, but am getting the same exception with
that certificate.
These are the commands I used to obtain and install the certificate:
sudo keytool -genkey -alias tomcat -keyalg RSA -keystore keystore.jks
sudo keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore
keystore.jks
(--request and obtain certificate files from GoDaddy--)
Did you run the commands below on the same keystore file you created in
the first command above?
sudo keytool -import -alias root -keystore keystore.jks -trustcacerts -file
gdcerts/gdroot-g2.crt
sudo keytool -import -alias inter -keystore keystore.jks -trustcacerts -file
gdcerts/gd_bundle-g2-g1.crt
sudo keytool -import -alias tomcat -keystore keystore.jks -file
gdcerts/xxxxxxxxxxxx.crt
What is the output of:
keytool -list -v -keystore keystore.jks
And this is the Tomcat configuration for the connector:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/keystore.jks"
type="RSA" certificateKeystorePassword="xxxxxx" />
</SSLHostConfig>
</Connector>
The connector configuration looks OK.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
