Error Starting Nexus With HTTPS Configuration

I have been trying to follow the instructions here: Configuring SSL to set up my local nexus repository to use https. I generated a self-signed certificate, created a keystore and placed it in /opt/nexus/nexus-3.22.0-02-unix/nexus-3.22.0-02/etc/ssl . I also went in and updated and jetty-https.xml as instructed. When I try to start up nexus it fails with the error: - Failed to start
java.lang.IllegalStateException: no valid keystore

I’m not sure what else I need to do. Any help would be appreciated.

FYI here is the output when I run a keytool -list command on my keystore:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: 1
Creation date: Nov 2, 2020
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=tura, O=Tura Inc, L=Muncy, ST=Pennsylvania, C=US
Issuer: CN=tura, O=Tura Inc, L=Muncy, ST=Pennsylvania, C=US
Serial number: 45b131c360e7e78c3809439165c1bc6e82bd3d10
Valid from: Mon Nov 02 09:36:58 EST 2020 until: Tue Nov 02 10:36:58 EDT 2021
Certificate fingerprints:
	 SHA1: CE:B3:16:12:E2:AF:EB:94:32:78:94:41:BF:05:2C:41:59:2F:1E:23
	 SHA256: 18:0F:B6:B7:0D:27:E3:2B:73:52:5E:F1:1D:6E:B8:27:D3:F3:7A:21:89:F5:E8:7F:72:28:D6:43:E7:B4:57:B8
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 4096-bit RSA key
Version: 3


#1: ObjectId: Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B5 6D FE 0F 17 AE 7D 7A   38 38 2D 5E 9D 21 40 C5  .m.....z88-^.!@.
0010: F9 1B 3C C6                                        ..<.

#2: ObjectId: Criticality=true

#3: ObjectId: Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B5 6D FE 0F 17 AE 7D 7A   38 38 2D 5E 9D 21 40 C5  .m.....z88-^.!@.
0010: F9 1B 3C C6                                        ..<.


If you’re following the instructions on our help site the keystore should be placed in $workdir/etc/ssl/keystore.jks (e.g. “sonatype-work/nexus3/etc/ssl/keystore.jks”).

This line tells Nexus Repo to look there:


We advise setting it up that way so the keystore will survive upgrades.


That seemed to do the trick. Thanks!

Now that I have that working though, I’m running into a new problem. When I try to access my repo in the browser, it is defaulting to using http rather than https. The instructions mention something about configuring the Base URL, but the provided link go to a page that doesn’t actually have any information about how to do that. What do I need to do to make a request to localhost:8443 actually go to the right place?