java.io.IOException で Alias name がキー エントリを特定できなくなっているため に Tomcat を開始できない
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
問題
The following appears in the atlassian-bitbucket.log:
2018-01-11 10:45:15,520 ERROR [main] o.a.coyote.http11.Http11NioProtocol Failed to start end point associated with ProtocolHandler ["https-jsse-nio-8888"]
java.lang.IllegalArgumentException: java.io.IOException: Alias name [tomcat] does not identify a key entry
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:115)
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
at com.atlassian.bitbucket.internal.boot.BitbucketServerApplication.start(BitbucketServerApplication.java:247)
at com.atlassian.bitbucket.internal.boot.BitbucketServerApplication.main(BitbucketServerApplication.java:83)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at com.atlassian.bitbucket.internal.launcher.BitbucketServerLauncher.start(BitbucketServerLauncher.java:151)
at com.atlassian.bitbucket.internal.launcher.BitbucketServerLauncher.main(BitbucketServerLauncher.java:99)
... 11 frames trimmed
Caused by: java.io.IOException: Alias name [tomcat] does not identify a key entry
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:224)
... 16 common frames omitted
2018-01-11 10:45:15,528 ERROR [main] o.a.catalina.core.StandardService Failed to start connector [Connector[HTTP/1.1-8888]]
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-8888]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
at com.atlassian.bitbucket.internal.boot.BitbucketServerApplication.start(BitbucketServerApplication.java:247)
at com.atlassian.bitbucket.internal.boot.BitbucketServerApplication.main(BitbucketServerApplication.java:83)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at com.atlassian.bitbucket.internal.launcher.BitbucketServerLauncher.start(BitbucketServerLauncher.java:151)
at com.atlassian.bitbucket.internal.launcher.BitbucketServerLauncher.main(BitbucketServerLauncher.java:99)
... 5 frames trimmed
Caused by: org.apache.catalina.LifecycleException: service.getName(): "Tomcat"; Protocol handler start failed
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1031)
... 16 common frames omitted
Caused by: java.lang.IllegalArgumentException: java.io.IOException: Alias name [tomcat] does not identify a key entry
原因
原因 1:
This error points to a mismatch between the alias of the certificate in the JVM and the alias specified in bitbucket.properties. By default, Bitbucket Server looks for the alias tomcat. It's possible to find the list of aliases loaded in your keystore by running:
keytool -list -v -keystore {Path to Keystore File}原因 2:
If the keystore is missing private key and the certificate imported is a trustedCertEntry instead of PrivateKeyEntry or KeyEntry.
To verify that run the keytool command and list the certificates:
keytool -list -v -keystore mykeystore.jks -alias tomcat
Enter keystore password:
Alias name: tomcat
Creation date: Jan 22, 2018
Entry type: trustedCertEntryソリューション
For Cause 1
It's possible to override and specify the correct alias by adding the following property to bitbucket.properties:
server.ssl.key-alias={Alias Name}For Cause 2
Ensure the certificates are in the proper format and has the complete chain, private key, intermediate and root ca. The Secure Bitbucket with Tomcat using SSL document has some reference examples on how to generate and import the certificates into Bitbucket's key-store.