How can I enable SSL on Bitbucket?

Im trying to setup BitBucket server, and cant get the SSL to work.

I created a new keystore and a self-signed certificate. Then I signed the certificate with our CA. Then imported three certs to the keystore in the right order. First the RCA, then ICA and then the signed certificate. 

Bitbucket.properties look like this:

jdbc.driver=org.postgresql.Driver
jdbc.url=jdbc:postgresql://localhost:5432/bitbucket
jdbc.user=bitbucketuser
jdbc.password=xxxxxxx

server.port=8444
server.ssl.enabled=true
server.ssl.key-store=/var/atlassian/application-data/bitbucket/shared/config/ssl-keystore
server.ssl.key-store-password=Password
server.ssl.key-password=Password
server.ssl.key-alias=tomcat

Error log looks like this:

2017-10-11 13:20:03,802 INFO [main] c.a.b.i.b.BitbucketServerApplication Starting BitbucketServerApplication on rhonas with PID 1311 (/opt/atlassian/bitbucket/5.4.0/app/WEB-INF/classes started by atlbitbucket in /)
2017-10-11 13:20:03,809 INFO [main] c.a.b.i.b.BitbucketServerApplication No active profile set, falling back to default profiles: default
2017-10-11 13:20:06,812 INFO [main] c.a.b.i.boot.log.BuildInfoLogger Starting Bitbucket 5.4.0 (9d5666b built on Tue Sep 19 07:26:24 EEST 2017)
2017-10-11 13:20:06,812 INFO [main] c.a.b.i.boot.log.BuildInfoLogger JVM: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 1.8.0_102-b14
2017-10-11 13:20:10,262 ERROR [main] o.a.coyote.http11.Http11NioProtocol Failed to start end point associated with ProtocolHandler ["https-jsse-nio-8444"]
java.lang.IllegalArgumentException: java.io.IOException: Alias name [tomcat] does not identify a key entry
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
at com.atlassian.bitbucket.internal.boot.BitbucketServerApplication.start(BitbucketServerApplication.java:247)
at com.atlassian.bitbucket.internal.boot.BitbucketServerApplication.main(BitbucketServerApplication.java:83)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at com.atlassian.bitbucket.internal.launcher.BitbucketServerLauncher.start(BitbucketServerLauncher.java:151)
at com.atlassian.bitbucket.internal.launcher.BitbucketServerLauncher.main(BitbucketServerLauncher.java:99)
... 11 frames trimmed
Caused by: java.io.IOException: Alias name [tomcat] does not identify a key entry
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:217)
... 16 common frames omitted
2017-10-11 13:20:10,287 ERROR [main] o.a.catalina.core.StandardService Failed to start connector [Connector[HTTP/1.1-8444]]
org.apache.catalina.LifecycleException: Failed to start component [Connector[HTTP/1.1-8444]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.addPreviouslyRemovedConnectors(TomcatEmbeddedServletContainer.java:250)
at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainer.start(TomcatEmbeddedServletContainer.java:193)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.startEmbeddedServletContainer(EmbeddedWebApplicationContext.java:297)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:145)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
at com.atlassian.bitbucket.internal.boot.BitbucketServerApplication.start(BitbucketServerApplication.java:247)
at com.atlassian.bitbucket.internal.boot.BitbucketServerApplication.main(BitbucketServerApplication.java:83)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
at com.atlassian.bitbucket.internal.launcher.BitbucketServerLauncher.start(BitbucketServerLauncher.java:151)
at com.atlassian.bitbucket.internal.launcher.BitbucketServerLauncher.main(BitbucketServerLauncher.java:99)
... 5 frames trimmed
Caused by: org.apache.catalina.LifecycleException: service.getName(): "Tomcat"; Protocol handler start failed
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1029)
... 16 common frames omitted
Caused by: java.lang.IllegalArgumentException: java.io.IOException: Alias name [tomcat] does not identify a key entry
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
... 16 common frames omitted
Caused by: java.io.IOException: Alias name [tomcat] does not identify a key entry
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:217)
... 16 common frames omitted
2017-10-11 13:20:16,427 WARN [spring-startup] c.a.stash.internal.home.HomeLock Failed to write process information into the lock file
java.nio.channels.ClosedByInterruptException: null
at java.nio.channels.spi.AbstractInterruptibleChannel.end(AbstractInterruptibleChannel.java:202)
at sun.nio.ch.FileChannelImpl.write(FileChannelImpl.java:216)
at com.atlassian.stash.internal.home.HomeLock.acquireLock(HomeLock.java:123)
at com.atlassian.stash.internal.home.HomeLock.lock(HomeLock.java:94)
at com.atlassian.stash.internal.home.HomeLockAcquirer.lock(HomeLockAcquirer.java:58)
at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:149)
at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:687)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:525)
at javax.servlet.GenericServlet.init(GenericServlet.java:158)
at java.lang.Thread.run(Thread.java:745)
... 27 frames trimmed
2017-10-11 13:20:16,428 INFO [spring-startup] c.a.s.internal.home.HomeLockAcquirer Successfully acquired lock on home directory /var/atlassian/application-data/bitbucket
2017-10-11 13:20:19,466 ERROR [spring-startup] com.zaxxer.hikari.pool.HikariPool bitbucket - Exception during pool initialization.
org.postgresql.util.PSQLException: Something unusual has occurred to cause the driver to fail. Please report this exception.

And here is some relevant info from the keystore:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

Alias name: tomcat
Creation date: Oct 9, 2017
Entry type: trustedCertEntry

Owner: CN=Gert Kosenkranius, OU=IT, O=North Estonian Medical Centre, L=Tallinn, ST=Harjumaa, C=EE
Issuer: CN=PERH ICA, DC=regionaalhaigla, DC=ee

*******************************************
*******************************************

Alias name: rca
Creation date: Oct 9, 2017
Entry type: trustedCertEntry

Owner: CN=PERH RCA
Issuer: CN=PERH RCA

*******************************************
*******************************************

Alias name: ica
Creation date: Oct 9, 2017
Entry type: trustedCertEntry

Owner: CN=PERH ICA, DC=regionaalhaigla, DC=ee
Issuer: CN=PERH RCA