Failed to load keystore type JKS with path x:\xxxx\xxx\jira.jks due to Illegal character in opaque part at index

Still need help?

The Atlassian Community is here for you.

Ask the community

Problem

After JIRA upgrade, accessing JIRA via HTTPS no longer works, HTTP does. 

 

The following appears in the catalina.out

21-June-2016 11:03:57.716 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[org.apache.coyote.http11.Http11Protocol-18091]]
 org.apache.catalina.LifecycleException: Failed to initialize component [Connector[org.apache.coyote.http11.Http11Protocol-8081]]
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
	at org.apache.catalina.core.StandardService.initInternal(StandardService.java:568)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
	at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:869)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:580)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:603)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
	at org.apache.catalina.connector.Connector.initInternal(Connector.java:962)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
	... 12 more
Caused by: java.io.IOException: Failed to load keystore type JKS with path D:\Program Files\JIRA\jira.jks due to Illegal character in opaque part at index 2: D:\Program Files\JIRA\jira.jks
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:464)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:355)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:608)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:548)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:493)
	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:221)
	at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:360)
	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:750)
	at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:458)
	at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120)
	at org.apache.catalina.connector.Connector.initInternal(Connector.java:960)
	... 13 more

Cause

The certificate was somehow missing in the keystore. This can be verified by running the JIRA Configuration Tool and check the certificate in the key store.

Resolution

Adding the certificate back to the keystore allows JIRA to be accessible via HTTPS again.

Last modified on Aug 24, 2016

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.