Unable to start Tomcat due to java.io.IOException Alias name not identifying a key entry

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Symptoms

After importing the SSL certificate to allow the JIRA application to run over HTTPS, JIRA application/Tomcat will not start and log files contain errors similar to the following:

1 2 3 4 5 6 7 Apr 13, 2010 2:18:30 PM org.apache.coyote.http11.Http11Protocol init SEVERE: Error initializing endpoint java.io.IOException: Alias name 'jira.mycompany.com' does not identify a key entry at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:475) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:413) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:129) at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:503)

Causes

There are a variety of causes for this error. Ultimately, the appropriate cert is not in the keystore. Some of the common scenarios include:

  • After an upgrade or server migration, the jre\lib\security\cacerts file has not been moved to the new cacerts location.

  • The keytool import statement did not run successfully.

  • The key in the keystore is for the wrong or outdated cert.

  • The wrong JVM is in use.

  • The Tomcat server.xml has the incorrect keyAlias set, so Tomcat is unable to locate the PrivateKeyEntry in the Java Key Store.

Resolution

  1. Import the original private key into the keystore or copy 'cacerts' file directory over to the new 'cacerts' location on the server. See Running JIRA applications over SSL or HTTPS for instructions.

  2. Verify that the <Jira_Installation_Directory>/conf/server.xml has the correct keyAlias set.

  3. Ensure that you are using the correct JVM.

If you're still running into problems please review Running JIRA applications over SSL or HTTPS.

Updated on April 8, 2025
Platform
Data Center only
Product
Jira Software Data Center
On this pageSymptomsCausesResolution

Still need help?

The Atlassian Community is here for you.
Ask the Community