Obi-Wan-Clemobi

Reputation: 177

SpringBoot fails to start due to jsse.alias_no_key_entry using JKS with GoDaddy signed certificate

I am trying to secure my SpringBoot server with SSL. I've generated a keystore and CSR. I received the intermediate and domain certificate from GoDaddy. I imported those into my keystore that was used to generate the CSR.

I used the following commands to generate the keystore and CSR.

keytool -genkey -alias server-alias -keyalg RSA -keysize 2048 -keystore keystore.jks -dname "CN=name,OU=Unit, O=Org, L=NoWhere, ST=NoWhere, C=CA"
keytool -certreq -alias server-alias -file domain.csr -keystore keystore.jks

In my SpringBoot application, I have the following configurations in my applications.properties file.

server.ssl.key-store-type=JKS
server.ssl.key-store=location/keystore.jks
server.ssl.key-store-password=password
server.ssl.key-alias=server-alias
security.require-ssl=true

I received the following exception cause on startup:

Caused by: java.io.IOException: jsse.alias_no_key_entry
    at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:317)
    at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:239)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
    ... 20 common frames omitted

I would really appreciate any help. Thanks!

Upvotes: 2

Views: 8196

Answers (1)

em_bo

Reputation: 692

There seem to be (at least) a couple reasons that this can occur:

  1. The keystore contains a cert but not a private key ... or at least not the right key. See "How to resolve : java.io.IOException: jsse.alias_no_key_entry".
  2. You have simply configured the wrong alias; if you enter an alias that does not exist in the keystore, you will get this same error.

The alias being looked up needs to exist in the keystore, and the associated private key needs to exist there (not just the cert.) If those conditions aren't met, it will throw this error.

Upvotes: 4
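
To tell the two causes listed in the answer apart, this added example (not part of the original answer, nor Spring Boot or Tomcat code) classifies an alias from `keytool -list` output. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide which cause applies by reading `keytool -list` output.

# classify_alias ALIAS: reads a `keytool -list` listing on stdin and prints
#   key-entry       alias holds a private key (usable as server.ssl.key-alias)
#   no-private-key  alias exists, but only as a certificate or secret-key entry
#   missing         alias is not in the keystore
classify_alias() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); result = "missing" }
        # Entry lines look like "<alias>, <date>, <EntryType>,"
        /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),[ \t\r]*$/ {
            alias = $0
            sub(/,.*/, "", alias)                # keep the text before the first comma
            if (tolower(alias) != want) next     # JKS aliases are case-insensitive
            result = ($0 ~ /PrivateKeyEntry,[ \t\r]*$/) ? "key-entry" : "no-private-key"
        }
        END { print result }
    '
}

# check_keystore KEYSTORE ALIAS: same check against a real keystore file.
# keytool prompts for the store password.
check_keystore() {
    keytool -list -keystore "$1" | classify_alias "$2"
}

# Constructed sample listing (not output from the asker's keystore).
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

intermediate, Jan 1, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed placeholder>
server-alias, Jan 1, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed placeholder>
EOF
}

# Demo on the constructed listing: one usable alias, one cert-only, one absent.
for a in server-alias intermediate tomcat; do
    printf '%s: %s\n' "$a" "$(sample_listing | classify_alias "$a")"
done
```

Running `check_keystore location/keystore.jks server-alias` applies the same classification to the real file; any result other than `key-entry` corresponds to one of the two causes above.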
