Tomcat unable to find the keystore

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

    

Summary

After enabling SSL, Confluence does not respond on the secure port.

Environment

7.4.0

Diagnosis

  • The secure port is not working.
  • Confluence works through HTTP on the local port (e.g. 8090).
  • The following error appears in catalina.out:

    23-Jun-2020 02:20:23.067 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8443]]
    	org.apache.catalina.LifecycleException: Protocol handler initialization failed
    		at org.apache.catalina.connector.Connector.initInternal(Connector.java:1013)
    		at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    		at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:303)
    		at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
    	Caused by: java.lang.IllegalArgumentException: Cannot obtain URL for the relative path [C:\Users\admin\.keystore]. Check that catalina.base is set.
    		at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
    		at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
    		at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:217)
    	Caused by: java.lang.IllegalArgumentException: Illegal character in opaque part at index 2: C:\Users\admin\.keystore
    		at java.base/java.net.URI.create(Unknown Source)
    		at java.base/java.net.URI.resolve(Unknown Source)
    		at org.apache.catalina.startup.CatalinaBaseConfigurationSource.getURI(CatalinaBaseConfigurationSource.java:147)
    		at org.apache.catalina.startup.CatalinaBaseConfigurationSource.getResource(CatalinaBaseConfigurationSource.java:108)
    		... 25 more
    	Caused by: java.net.URISyntaxException: Illegal character in opaque part at index 2: C:\Users\admin\.keystore
    		at java.base/java.net.URI$Parser.fail(Unknown Source)
    		at java.base/java.net.URI$Parser.checkChars(Unknown Source)

Cause

There are a number of possible causes for this message:

  • Tomcat is unable to find the keystore path that was added to the server.xml file.
  • The keystore path in the server.xml file has an extraneous space character.
  • The certificate is not present or correct within the keystore.
  • If Confluence is being started by a Windows service and the keystore is outside of the Confluence installation, the ID used to run the Windows service does not have full permission to the keystore file. 

Solution

If using Windows, sometimes the "\" character in the path needs to be escaped as shown below:

  1. Stop Confluence.
  2. Go to <install-dir>/conf.
  3. Edit the server.xml file.
  4. Update the "keystoreFile" path from

         keystoreFile="C:\Users\admin\.keystore"

  5. Change to

         keystoreFile="C:\\Users\\admin\\.keystore"

Also, inspect the path to make sure there is no extra space character trailing the path before the closing /> end tag:

keystoreFile="C:\\Users\\admin\\.keystore"/>

To check whether the certificate resides within the keystore, use the keytool command from the command line or a certificate inspection utility like Portecle. This is described in How to import a public SSL certificate into a JVM.

And finally, if Confluence is being started via a Windows service, ensure that the ID used to run the service has full permissions to the keystore file.
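
The path checks from the Solution above can be scripted. The following Python sketch is an added example, not Atlassian or Tomcat code; the function name keystore_findings, the constructed sample server.xml, and the rule of collapsing doubled backslashes before the file check are assumptions. It does not look inside the keystore, which remains a keytool step.

```python
import os
import re
import xml.etree.ElementTree as ET

# Constructed sample: single-backslash path with a trailing space inside the quotes.
SAMPLE_SERVER_XML = r'''<Server>
  <Service name="Tomcat-Standalone">
    <Connector port="8090" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" keystoreFile="C:\Users\admin\.keystore "/>
  </Service>
</Server>'''


def keystore_findings(server_xml_text, check_file=False):
    """Return (port, finding) tuples for every Connector that sets keystoreFile."""
    findings = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        raw = conn.get("keystoreFile")
        if raw is None:
            continue  # plain HTTP connector, nothing to check
        port = conn.get("port", "?")
        path = raw.strip()
        if raw != path:
            findings.append((port, "whitespace around path"))
        # A backslash with no backslash on either side is unescaped.
        if re.search(r"(?<!\\)\\(?!\\)", path):
            findings.append((port, "unescaped backslash"))
        if check_file:
            # Assumption: doubled backslashes collapse to the on-disk path.
            disk = path.replace("\\\\", "\\")
            if not os.path.isfile(disk):
                findings.append((port, "file not found"))
            elif not os.access(disk, os.R_OK):
                # Reflects the account running this script, so run it
                # as the account that runs the Windows service.
                findings.append((port, "not readable by this account"))
    return findings


if __name__ == "__main__":
    for port, finding in keystore_findings(SAMPLE_SERVER_XML):
        print(f"Connector {port}: {finding}")
```

Against a real installation, pass the contents of <install-dir>/conf/server.xml and set check_file=True on the Confluence host itself.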


Last modified on Sep 21, 2022
