Bamboo fails to start and Tomcat logs show "Alias name does not identify a key entry"
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
要約
After importing the SSL certificate to allow Bamboo to run over HTTPS, Bamboo/Tomcat does not start and the Tomcat log files (<bamboo-install>/logs/catalina.out) contain errors similar to the following:
Caused by: java.lang.IllegalArgumentException: Alias name [bamboo-dc] does not identify a key entry環境
All supported versions of Bamboo, configured to run over HTTPS.
診断
Reviewing the <bamboo-install>/logs/catalina.out right after starting Bamboo, the following error can be found (with a different Alias name):
21-Feb-2023 09:56:59.875 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1050)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:554)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1045)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:307)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477)
Caused by: java.lang.IllegalArgumentException: Alias name [bamboo-dc] does not identify a key entry
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:235)
at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1227)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1240)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:604)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:76)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1047)
... 13 moreYou can check if the keystore your Bamboo uses has the required certificate. In order to know which keystore and alias are being used, please check the keystoreFile and keyAlias properties inside the <bamboo-install>/conf/server.xml. Once you have that information, you can use the commands below to look for the certificates. Please make sure to replace KEYSTORE_PATH and ALIAS with their respective values.
keytool -list -v -keystore <KEYSTORE_PATH> -alias <ALIAS> If you can't find it, it could mean it hasn't been imported, or it has been generated with a different alias. For the latter, we can list all the certificates in the keystore to find the alias:
keytool -list -v -keystore <KEYSTORE_PATH>原因
Ultimately, the appropriate certificate is not in the Keystore. This could be because the server.xml has the incorrect keyAlias or keystoreFile set, or the keystore being used is not the correct one.
ソリューション
- Import the original private key into the keystore file being used by Bamboo. See Securing Bamboo with Tomcat using SSL for instructions.
- Verify that the
<bamboo_install>/conf/server.xmlhas the correctkeyAliasand keystoreFile set. - 適切な JVM を使用していることを確認します。
If you're still running into problems, please review Securing Bamboo with Tomcat using SSL.