How to resolve : java.io.IOException: jsse.alias_no_key_entry

Question

I have a Debian virtual machine with Tomcat installed. I would like to install an SSL certificate so that my website is in Https.

I received the following certificat

Answer 1

Just had this issue, only with .p7b. This error means your keystore doesn't contain the original private key.

Please make sure your private key (.csr) is in the same keystore with the .p7b chain.

I followed these steps:

1. Generated a key with a keystore:

keytool -genkey -alias [alias_name] -keyalg RSA -keystore [enter_keystore_name] -keysize 2048

This command creates not only a key entry, but also a private key in the keystore. That's why it's important to import the .p7b into the same keystore.

2. Generated a CSR from this entry:

keytool -certreq -keyalg RSA -keysize 2048 -alias [alias_name] -file [csr_file_name] -keystore [keystore_name] -ext san=dns:[FQDN_of_server]

3. Imported the received signed .p7b into the same keystore (I recommend you to download the .p7b into the same folder your .csr and keystore are in):

keytool -import -alias [alias_name] -trustcacerts -file [ssl_certificate.p7b] -keystore [keystore_name]

If everything's done right, your keystore will contain the generated private key and the received .p7b.