Symptoms

After importing the SSL certificate to allow the JIRA application to run over HTTPS, JIRA application/Tomcat will not start and log files contain errors similar to the following:

Apr 13, 2010 2:18:30 PM org.apache.coyote.http11.Http11Protocol init
SEVERE: Error initializing endpoint
java.io.IOException: Alias name 'jira.mycompany.com' does not identify a key entry
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:475)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:413)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:129)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:503)

Causes

There are a variety of causes for this error. Ultimately, the appropriate cert is not in the keystore. Some of the common scenarios include:

• After an upgrade or server migration, the jre\lib\security\cacerts file has not been moved to the new cacerts location.
• The keytool import statement did not run successfully.
• The key in the keystore is for the wrong or outdated cert.
• The wrong JVM is in use.
• The Tomcat server.xml has the incorrect keyAlias set, so Tomcat is unable to locate the PrivateKeyEntry in the Java Key Store.

Resolution

1. Import the original private key into the keystore or copy 'cacerts' file directory over to the new 'cacerts' location on the server. See Running JIRA applications over SSL or HTTPS for instructions.
2. Verify that the <Jira_Installation_Directory>/conf/server.xml has the correct keyAlias set.
3. Ensure that you are using the correct JVM.

If you're still running into problems please review Running JIRA applications over SSL or HTTPS.