Unable to bind HTTPS port due to java.io.IOException: Invalid keystore format
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
Bamboo is unable to bind the secure port after setting the HTTPS configuration.
Diagnosis
The following error can be found in <Bamboo_Install>/logs/catalina.out:
22-Jan-2018 22:48:34.738 SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["http-nio-8443"]
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
at java.security.KeyStore.load(KeyStore.java:1445)
Causes
The keystore file has a proprietary format
The property keystoreFile is not pointing to the correct file.
Resolution
Make sure the keystore file is created as described in Securing Bamboo with Tomcat using SSL.
Set the keystoreFile connector property (at <Bamboo_Install>/conf/server.xml) as specified below:
<Connector
port="8443"
maxThreads="150" minSpareThreads="25"
connectionTimeout="20000"
disableUploadTimeout="true"
acceptCount="100"
enableLookups="false"
maxHttpHeaderSize="8192"
useBodyEncodingForURI="true"
URIEncoding="UTF-8"
keystoreFile="<NEW_KEYSTORE_PATH>/.keystore"
scheme="https" secure="true" SSLEnabled="true" sslProtocol="TLS"
clientAuth="false"
/>
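To tell the two causes apart before restarting Bamboo, the script below reads the keystoreFile value from server.xml and classifies the file it points at by its first four bytes. It is an added example, not part of the original article or Atlassian's tooling; the function names and the script name check_keystore.sh are assumptions, and the sample files in demo are constructed.

```shell
#!/bin/sh
# Added example, not Atlassian's code: find the keystore a Tomcat server.xml
# points at and classify it by its leading bytes.

# Print the first keystoreFile="..." value in the given server.xml.
# Limitation: a Connector inside an XML comment is matched too.
keystore_path() {
    sed -n 's/.*keystoreFile="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Classify a file by its first four bytes (printed as lower-case hex).
keystore_format() {
    [ -f "$1" ] || { echo "missing"; return 0; }
    [ -s "$1" ] || { echo "empty"; return 0; }
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        feedfeed) echo "JKS" ;;      # magic number of the JKS format
        cececece) echo "JCEKS" ;;    # magic number of the JCEKS format
        30*)      echo "DER (PKCS12 or bare certificate)" ;;  # ASN.1 SEQUENCE
        2d2d2d2d) echo "PEM text" ;; # starts with "----", e.g. a .pem/.crt file
        *)        echo "unknown" ;;
    esac
}

# Report on the keystore configured in a server.xml.
check_connector() {
    path=$(keystore_path "$1")
    [ -n "$path" ] || { echo "no keystoreFile attribute"; return 0; }
    echo "$path: $(keystore_format "$path")"
}

# Constructed sample: a server.xml whose keystoreFile points at a PEM file.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$d/cert.pem"
    printf '<Connector keystoreFile="%s"/>\n' "$d/cert.pem" > "$d/server.xml"
    check_connector "$d/server.xml"
    rm -rf "$d"
}

# Usage: sh check_keystore.sh <Bamboo_Install>/conf/server.xml
if [ "$#" -gt 0 ]; then
    check_connector "$1"
else
    demo
fi
```

A result of "missing" or "empty" points to the keystoreFile path being wrong; "PEM text" or "unknown" points to a file that was not created as a Java keystore.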