Spring Boot fails reading certificate with IllegalArgumentException: jsse.alias_no_key_entry

I developed an application and uploaded it to my domain. The host provides me with a wildcard certificate to use, so I tried to add it to my application. I don't know if I am doing the right steps or what.

So, this is what I did:

enter image description here

This is my configuration:

enter image description here

The key-password is the one I put in the host provider in order to download the certificate.

I also added the ServletWebServerFactory.

When I start up the application, I get this:

Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:1038) ~[tomcat-embed-core-9.0.31.jar:9.0.31]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) ~[tomcat-embed-core-9.0.31.jar:9.0.31]
    at org.apache.catalina.core.StandardService.addConnector(StandardService.java:227) ~[tomcat-embed-core-9.0.31.jar:9.0.31]
    ... 17 common frames omitted
Caused by: java.lang.IllegalArgumentException: jsse.alias_no_key_entry

But the alias is "carlos" in both places.

Upvotes: 0

Views: 990

Answers (1)

dave_thompson_085

Reputation: 38921

You need the private key. (but not a biscuit :)

Mostly dupe How to resolve : jsse.alias_no_key_entry and How to resolve : java.io.IOException: jsse.alias_no_key_entry except you don't admit to having the privatekey.

If the host 'provides' the cert in response to your request -- especially if you created the Certificate Signing Request (CSR) -- then you must have the privatekey; use it. If the 'host', or possibly the CA, or somebody else created this identity for you, get the privatekey from them. Depending on the form you have or get, the method to use it may vary some.


Also, writing/modifying files under Program Files (x86) on Windows is a bad idea. These changes may fail outright or disappear. Microsoft has officially stated since the 1990s that files in the %PROGRAMFILES*% directory(ies) should not be modified and data should go under (the places now known as) %PROGRAMDATA%, %USERPROFILE% or %ALLUSERSPROFILE% as applicable. Viruses and malware often work by illegitimately modifying %PROGRAMFILES*%, so recentish versions of Windows -- at least 8 and 10 and the Server versions, I don't recall about 7 for sure -- as well as antivirus and other security products have gotten more aggressive about prohibiting or discarding attempts to change these files. Since you actually want this file elsewhere anyway -- in your server application directory (or jar? you're not clear) -- just write it there to start with.

Upvotes: 2
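
A diagnostic for the condition the answer describes, as an added example that is not part of the original question or answer: it lists every alias in a keystore and reports whether the alias the connector is configured with is a key entry (private key plus certificate chain) or only a certificate. The class name KeyStoreAliasCheck and its two arguments are hypothetical.

```java
import java.io.*;
import java.security.*;
import java.util.Collections;

// Added diagnostic, not code from the post. Usage: java KeyStoreAliasCheck <keystore-file> <alias>
public class KeyStoreAliasCheck {
    // Only a key entry (private key + certificate chain) can act as a server identity.
    static String describe(KeyStore ks, String alias) throws Exception {
        if (!ks.containsAlias(alias)) return "not present";
        if (ks.isKeyEntry(alias)) return "key entry";
        if (ks.isCertificateEntry(alias)) return "trusted certificate only, no private key";
        return "unknown entry type";
    }
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): KeyStoreAliasCheck <keystore-file> <alias>");
            System.exit(2);
        }
        // Prompt instead of taking passwords as arguments, so they stay out of shell history.
        char[] storePass = console.readPassword("Keystore password: ");
        char[] keyPass = console.readPassword("Key password (empty = same as keystore): ");
        if (keyPass.length == 0) keyPass = storePass;
        // Assumes a JKS or PKCS12 file; current JDKs load either through the default type.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);
        }
        for (String a : Collections.list(ks.aliases())) System.out.println(a + ": " + describe(ks, a));
        String alias = args[1];
        if (!ks.isKeyEntry(alias)) {
            System.out.println("FAIL: '" + alias + "' is " + describe(ks, alias));
            System.exit(1);
        }
        try {
            Key key = ks.getKey(alias, keyPass);
            if (!(key instanceof PrivateKey)) {
                System.out.println("FAIL: entry holds a " + key.getAlgorithm() + " secret key, not a private key");
                System.exit(1);
            }
            System.out.println("OK: " + key.getAlgorithm() + " private key, chain of " + ks.getCertificateChain(alias).length + " certificate(s)");
        } catch (UnrecoverableKeyException e) {
            System.out.println("FAIL: key entry found, but the key password does not open it");
            System.exit(1);
        }
    }
}
```

A keystore built by importing only the downloaded certificate reports the alias as "trusted certificate only, no private key", which is the state in which the connector cannot use it.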
