When you are setting up SSL and this message appears in the log (where xxx is the alias you have setup):
Alias name [xxxx] does not identify a key entry
Example of log:
Caused by: java.lang.IllegalArgumentException: Alias name [cast] does not identify a key entry at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107) ~[tomcat-embed-core-9.0.63.jar!/:na] at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71) ~[tomcat-embed-core-9.0.63.jar!/:na] at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:234) ~[tomcat-embed-core-9.0.63.jar!/:na] at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1227) ~[tomcat-embed-core-9.0.63.jar!/:na] at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1313) ~[tomcat-embed-core-9.0.63.jar!/:na] at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:614) ~[tomcat-embed-core-9.0.63.jar!/:na] at org.apache.catalina.connector.Connector.startInternal(Connector.java:1072) ~[tomcat-embed-core-9.0.63.jar!/:na]
|
Observed in CAST AIP
|
Observed in RDBMS
|
Step by Step scenario Encountered error in logs |
Action Plan
The issue normally occurs because the key stored in the Java keystore is a certificate only entry and the configuration requires the entry to be a certificate/key pair in the Java keystore. This can happen if you were provided a key and certificate separately (*.pem and *.crt file normally). The best solution is to go back to the person who provided this and get a *.pk7 format file and passphrase which would have both the key and certificate in the file, and then import this into the keystore. Otherwise you need to somehow gain access to the openssl tool and do something like the following (see Secure Socket Layer (SSL) Tools for information on keytool and openssl):
If the above steps do not solve your issue contact CAST Technical Support. with the following Relevant input |
Relevant input
|
Ticket # 38360 |
Comments