Bamboo fails to start and Tomcat logs show "Alias name does not identify a key entry"
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
After importing the SSL certificate to allow Bamboo to run over HTTPS, Bamboo/Tomcat does not start and the Tomcat log files (<bamboo-install>/logs/catalina.out) contain errors similar to the following:
Caused by: java.lang.IllegalArgumentException: Alias name [bamboo-dc] does not identify a key entryEnvironment
All supported versions of Bamboo, configured to run over HTTPS.
Diagnosis
Reviewing the <bamboo-install>/logs/catalina.out right after starting Bamboo, the following error can be found (with a different Alias name):
21-Feb-2023 09:56:59.875 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1050)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:554)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1045)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:307)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477)
Caused by: java.lang.IllegalArgumentException: Alias name [bamboo-dc] does not identify a key entry
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:235)
at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1227)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1240)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:604)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:76)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1047)
... 13 moreYou can check if the keystore your Bamboo uses has the required certificate. In order to know which keystore and alias are being used, please check the keystoreFile and keyAlias properties inside the <bamboo-install>/conf/server.xml. Once you have that information, you can use the commands below to look for the certificates. Please make sure to replace KEYSTORE_PATH and ALIAS with their respective values.
keytool -list -v -keystore <KEYSTORE_PATH> -alias <ALIAS> If you can't find it, it could mean it hasn't been imported, or it has been generated with a different alias. For the latter, we can list all the certificates in the keystore to find the alias:
keytool -list -v -keystore <KEYSTORE_PATH>Cause
Ultimately, the appropriate certificate is not in the Keystore. This could be because the server.xml has the incorrect keyAlias or keystoreFile set, or the keystore being used is not the correct one.
Solution
- Import the original private key into the keystore file being used by Bamboo. See Securing Bamboo with Tomcat using SSL for instructions.
- Verify that the
<bamboo_install>/conf/server.xmlhas the correctkeyAliasand keystoreFile set. - Ensure that you are using the correct JVM.
If you're still running into problems, please review Securing Bamboo with Tomcat using SSL.