0

I have a ssl certicate provided by globalsign. I want to import the certificate to use it with tomcat.

I am doing the following operation

Importing chain certificate

keytool -import -alias root11 -keystore server11.p12 -trustcacerts -file chain.pem -keyalg RSA -keysize 2048 -storetype PKCS12

Importing certificate

keytool -import -alias tomcatroot11 -keystore server11.p12 -trustcacerts -file file.cert -keyalg RSA -keysize 2048 -storetype PKCS12

In application.properties

server.ssl.key-store= /Users/Desktop/certificate/server11.p12
server.ssl.key-store-password= password
server.ssl.keyStoreType= PKCS12
server.ssl.keyAlias= tomcatroot11

I am getting the following error on start up of tomcat

java.lang.IllegalArgumentException: java.io.IOException: Alias name [hcmroot11] does not identify a key entry
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) ~[tomcat-embed-core-8.5.16.jar:8.5.16]

What am i doing wrong?

Sam
  • 1,298
  • 6
  • 30
  • 65

1 Answers1

0

You have imported only the certificates, not any privatekey. SSL/TLS server needs a privatekey AND certficate or usually cert chain. See dupe Java SSLHandshakeException: no cipher suites in common (which has additional links) or crossdupe https://serverfault.com/questions/858102/jboss-https-configuration-with-cer-p7b-certificate-fails (the webserver component of Jboss is a fork of Tomcat).

-keyalg and -keysize are used only for -genkeypair, if you choose the approach of generating the key and (then) CSR in Java with keytool. They are useless and ignored on -importcert because it is impossible to modify any attribute(s) of an already-certified key.

dave_thompson_085
  • 34,712
  • 6
  • 50
  • 70