Spring boot after https: The Tomcat connector configured to listen on port 8444 failed to start.

I too had the same problem and was able to fix it. My problem was generating the keystore.p12 file.

If you have a certificate file and private key file, you can generatekeystore.p12 file using following command.

openssl pkcs12 -export -in <mycert.crt> -inkey <mykey.key> -out keystore.p12 -name <alias>

You will be prompted for a password,there you can enter a password you like. Once the keystore file is generated copy it to the directory where your .jar file exist.

Following is a working example configuration.

server.port=8443
security.require-ssl=true
server.ssl.key-store-type=PKCS12
server.ssl.key-store=file:keystore.p12
server.ssl.key-store-password=<password>
server.ssl.key-alias=<alias>

Note the key store file path file:keystore.p12 if it is going to reside in the same directory as the executable .jar file.


I solved the same issue by using the following configuration

# Define a custom port instead of the default 8080
server.port=8443
# Tell Spring Security (if used) to require requests over HTTPS
security.require-ssl=true
# The format used for the keystore 
server.ssl.key-store-type=PKCS12
# The path to the keystore containing the certificate
server.ssl.key-store=src/main/resources/keystore.p12
# The password used to generate the certificate
server.ssl.key-store-password=root0

I removed alias name and it worked perfectly. "You probably won't need a key alias, since there will only be one key entry" referred from TOMCAT SSL Error: Alias name does not identify a key entry


From Spring Boot 2.0 and higher, you can ignore this property.

security.require-ssl=true

To enable SSL, use the below configuration in your application.properties

The format used for the keystore

server.ssl.key-store-type=JKS

The path to the keystore containing the certificate

server.ssl.key-store=classpath:somecert.jks

The password used to generate the certificate

server.ssl.key-store-password=password

The alias mapped to the certificate

server.ssl.key-alias=alias_name

Note : server.ssl.key-store refers to the keystore location. Use classpath prefix, if it is present in src/main/resources. Otherwise use, file:/some/location.