users@glassfish.java.net

Re: Problems w/ SSL for https:// access

From: <glassfish_at_javadesktop.org>
Date: Mon, 18 Jan 2010 18:02:51 PST

I was also fighting with this error message "Alias name XXXXX does not identify a key entry".
I admit I'm new to SSL certificates and their concepts, so your post didn't quite make sense to me until now.
What I had been doing was:
1) generate a self-signed certificate, configure server.xml and all works fine.
2) generate a certificate request with keytool, then send that off to the certificate authority.
3) get the signed certificate and then I thought I was replacing my self-signed key with their signed one so I'd delete the alias from the keystore before importing the certificate. This is where I went wrong and got the errors in the catalina-YYYY-MM-DD.log file.

Just import the new certificate reply with the same alias into your keystore and leave the old key alias alone. The trusted certificate is used in place of your self-signed one, but trying to be neat and deleting the old certificate actually deletes the key, so don't. Restart the server (tomcat or derivative) and everything is happy.

Thanks for everyone's patient explanations on this topic, but explaining the basic concepts again instead of just giving the (extremely helpful) commands and their order would have saved the original poster a lot of time, I think.
 
Cheers,
Damian
[Message sent by forum member 'damwhee' (damian.wheeler_at_otago.ac.nz)]

http://forums.java.net/jive/thread.jspa?messageID=381610
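
A pre-import check for the mistake described in the message above, as an added example that is not part of the original post: it reads `keytool -list` output and refuses to import a CA reply unless the alias is still a `PrivateKeyEntry`. The alias `tomcat`, the function names and the sample listings are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Alias, file names and the
# sample listings below are constructed for illustration.

# Print the entry type that `keytool -list` (read on stdin) reports for an
# alias. Entry lines look like: "<alias>, <date>, <EntryType>, ".
entry_type() {
    awk -v want="$1" -F', ' '
        NF >= 3 && tolower($1) == tolower(want) {
            for (i = NF; i > 1; i--)
                if ($i ~ /Entry/) { sub(/,? *$/, "", $i); print $i; exit }
        }'
}

# Succeed only when the alias still holds the private key.
has_private_key() {
    [ "$(entry_type "$1")" = "PrivateKeyEntry" ]
}

# Import the CA reply under the SAME alias; refuse if the key entry was
# deleted, since the reply would then become a bare trustedCertEntry.
# usage: import_reply <keystore> <alias> <reply.cer>
import_reply() {
    if ! keytool -list -keystore "$1" -alias "$2" | has_private_key "$2"; then
        echo "alias '$2' is not a PrivateKeyEntry: private key missing" >&2
        return 1
    fi
    keytool -importcert -keystore "$1" -alias "$2" -file "$3"
}

# Constructed listing: key pair still present (safe to import the reply).
sample_ok() {
    printf '%s\n' 'Keystore type: JKS' '' \
        'tomcat, Jan 18, 2010, PrivateKeyEntry, ' \
        'Certificate fingerprint (SHA1): <placeholder>'
}

# Constructed listing: alias was deleted, then the reply was imported.
sample_broken() {
    printf '%s\n' 'Keystore type: JKS' '' \
        'tomcat, Jan 18, 2010, trustedCertEntry, ' \
        'Certificate fingerprint (SHA1): <placeholder>'
}
```

A `trustedCertEntry` under the server's alias is the state that produces "does not identify a key entry"; recovering from it needs a backup of the keystore or a new key pair and certificate request.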