Unable to start Tomcat due to java.io.IOException Alias name not identifying a key entry

Still need help?

The Atlassian Community is here for you.

Ask the community

This Knowledge Base article was written specifically for the Atlassian Server platform. Due to the Functional differences in Atlassian Cloud, the contents of this article cannot be applied to Atlassian Cloud applications.

Problem

The following appears in the atlassian-bitbucket.log:

2018-01-11 10:45:15,520 ERROR [main]  o.a.coyote.http11.Http11NioProtocol Failed to start end point associated with ProtocolHandler ["https-jsse-nio-8888"]
java.lang.IllegalArgumentException: java.io.IOException: Alias name [tomcat] does not identify a key entry
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:115)
	at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
	at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
	at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
	at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
	at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
	at com.atlassian.bitbucket.internal.boot.BitbucketServerApplication.start(BitbucketServerApplication.java:247)
	at com.atlassian.bitbucket.internal.boot.BitbucketServerApplication.main(BitbucketServerApplication.java:83)
	at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
	at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
	at com.atlassian.bitbucket.internal.launcher.BitbucketServerLauncher.start(BitbucketServerLauncher.java:151)
	at com.atlassian.bitbucket.internal.launcher.BitbucketServerLauncher.main(BitbucketServerLauncher.java:99)
	... 11 frames trimmed
Caused by: java.io.IOException: Alias name [tomcat] does not identify a key entry
	at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:224)
	... 16 common frames omitted
2018-01-11 10:45:15,528 ERROR [main]  o.a.catalina.core.StandardService Failed to start connector [Connector[HTTP/1.1-8888]]
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-8888]]
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
	at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
	at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
	at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
	at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
	at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
	at com.atlassian.bitbucket.internal.boot.BitbucketServerApplication.start(BitbucketServerApplication.java:247)
	at com.atlassian.bitbucket.internal.boot.BitbucketServerApplication.main(BitbucketServerApplication.java:83)
	at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
	at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
	at com.atlassian.bitbucket.internal.launcher.BitbucketServerLauncher.start(BitbucketServerLauncher.java:151)
	at com.atlassian.bitbucket.internal.launcher.BitbucketServerLauncher.main(BitbucketServerLauncher.java:99)
	... 5 frames trimmed
Caused by: org.apache.catalina.LifecycleException: service.getName(): "Tomcat";  Protocol handler start failed
	at org.apache.catalina.connector.Connector.startInternal(Connector.java:1031)
	... 16 common frames omitted
Caused by: java.lang.IllegalArgumentException: java.io.IOException: Alias name [tomcat] does not identify a key entry


Cause

Cause 1:

This error points to a mismatch between the alias of the certificate in the JVM and the alias specified in bitbucket.properties. By default, Bitbucket Server looks for the alias tomcat. It's possible to find the list of aliases loaded in your keystore by running:

keytool -list -v -keystore {Path to Keystore File}

Cause 2:

If the keystore is missing private key and the certificate imported is a trustedCertEntry instead of PrivateKeyEntry or KeyEntry.

To verify that run the keytool command and list the certificates:

keytool -list -v -keystore mykeystore.jks -alias tomcat
Enter keystore password:
Alias name: tomcat
Creation date: Jan 22, 2018
Entry type: trustedCertEntry

Resolution 

For Cause 1

It's possible to override and specify the correct alias by adding the following property to bitbucket.properties:

server.ssl.key-alias={Alias Name}

For Cause 2

Ensure the certificates are imported as privatekey and certificate and not just trustedcertificate. 

Description

The following error in the atlassian-bitbucket.log: "Failed to start end point associated with ProtocolHandler ["https-jsse-nio-8888"]
java.lang.IllegalArgumentException: java.io.IOException: Alias name [tomcat] does not identify a key entry" points to a mismatch between the alias of the certificate in the JVM and the alias specified in bitbucket.properties.

Product Jira
Platform Server
Last modified on Oct 19, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.