Tomcat unable to find the keystore

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

After enabling SSL, Confluence is not responsive through the secure port.

Environment

7.4.0

Diagnosis

  • Secure port not working

  • Confluence working through HTTP and the local port (e.g. 8090)

  • The following error appears on catalina.out:

    23-Jun-2020 02:20:23.067 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8443]]
     org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:1013)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:303)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
    Caused by: java.lang.IllegalArgumentException: Cannot obtain URL for the relative path [C:\Users\admin\.keystore]. Check that catalina.base is set.
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:217)
    Caused by: java.lang.IllegalArgumentException: Illegal character in opaque part at index 2: C:\Users\admin\.keystore
        at java.base/java.net.URI.create(Unknown Source)
        at java.base/java.net.URI.resolve(Unknown Source)
        at org.apache.catalina.startup.CatalinaBaseConfigurationSource.getURI(CatalinaBaseConfigurationSource.java:147)
        at org.apache.catalina.startup.CatalinaBaseConfigurationSource.getResource(CatalinaBaseConfigurationSource.java:108)
        ... 25 more
    Caused by: java.net.URISyntaxException: Illegal character in opaque part at index 2: C:\Users\admin\.keystore
        at java.base/java.net.URI$Parser.fail(Unknown Source)
        at java.base/java.net.URI$Parser.checkChars(Unknown Source)

Cause

There are a number of possible causes for this message:

  • Tomcat is unable to find the keystore path that was added to the server.xml file.

  • The keystore path in the server.xml file has an extraneous space character.

  • The certificate is not present or correct within the keystore.

  • If Confluence is being started by a Windows service and the keystore is outside of the Confluence installation, the ID used to run the Windows service does not have full permission to the keystore file. 

Solution

If using Windows, sometimes the "\" character in the path needs to be escaped as shown below:

  1. Stop Confluence.

  2. Go to <install-dir>/conf.

  3. Edit the server.xml file.

  4. Update the "keystoreFile" path from

     keystoreFile="C:\Users\admin\.keystore"

  5. Change to

     keystoreFile="C:\\Users\\admin\\.keystore"

Also, inspect the path to make sure there is no extra space character trailing the path, before the closing /> end tag:

     keystoreFile="C:\\Users\\admin\\.keystore"/>

To check whether the certificate resides within the keystore, use the keytool command from the command line or a certificate inspection utility like Portecle.  This is described in How to import a public SSL certificate into a JVM.

And finally, if Confluence is being started via a Windows service, ensure that the ID used to run the service has full permissions to the keystore file.
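The path, whitespace and permission checks above can be scripted. The following is an added example, not Atlassian's or Tomcat's own tooling: it parses server.xml and, for every Connector that sets keystoreFile, reports whitespace padding inside the attribute value, a missing file, or a file the current account cannot read. The function names and the sample XML are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample modelled on <install-dir>/conf/server.xml; {ks} is filled in by demo().
SAMPLE_SERVER_XML = """<Server><Service name="Tomcat-Standalone">
  <Connector port="8090" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" keystoreFile="{ks}"/>
  <Connector port="8444" SSLEnabled="true" keystoreFile="{ks} "/>
  <Connector port="8445" SSLEnabled="true" keystoreFile="{ks}.missing"/>
</Service></Server>"""


def check_keystore_paths(server_xml_text):
    """Return one finding per Connector that sets keystoreFile."""
    findings = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        raw = conn.get("keystoreFile")
        if raw is None:
            continue  # plain HTTP connector, no keystore to check
        problems = []
        if raw != raw.strip():
            problems.append("whitespace padding in path")
        path = raw.strip()  # test the intended path, so padding is reported on its own
        if not os.path.isfile(path):
            problems.append("file not found")
        elif not os.access(path, os.R_OK):
            problems.append("not readable by this account")
        findings.append({"port": conn.get("port"),
                         "keystoreFile": raw,
                         "problems": problems})
    return findings


def demo():
    """Run the check on the constructed sample with a temporary stand-in keystore file."""
    with tempfile.NamedTemporaryFile(suffix=".keystore") as ks:
        return check_keystore_paths(SAMPLE_SERVER_XML.format(ks=ks.name))


if __name__ == "__main__":
    for f in demo():
        print(f["port"], repr(f["keystoreFile"]), f["problems"] or "ok")
```

To use it on a real installation, pass the contents of <install-dir>/conf/server.xml to check_keystore_paths while logged in as the account that runs the Confluence service, since the readability check reflects the account running the script.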

Updated on March 17, 2025
