Fix for "Cannot recover key" error in Java

This is how I fixed the "Cannot recover key" error in Java while I was setting up an SSL configuration for one of the application servers. Following is the part of the exception that I noted in the error log of my app; I couldn't start my Tomcat and JBoss servers because of the error below.

ERROR - Could not start server:java.security.UnrecoverableKeyException: Cannot recover key
java.io.IOException: !JsseListener: java.security.UnrecoverableKeyException: Cannot recover key
    at org.mortbay.jetty.security.SslSocketConnector.newServerSocket(SslSocketConnector.java:516)
    at org.mortbay.jetty.bio.SocketConnector.open(SocketConnector.java:73)
    at org.mortbay.jetty.AbstractConnector.doStart(AbstractConnector.java:283)
    at org.mortbay.jetty.bio.SocketConnector.doStart(SocketConnector.java:147)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)

I see there are a lot of posts on Google, but it is hard to find the exact solution; here it goes.

What causes this SSL error?

The answer is simple: the password of the certificate key and the password of the generated keystore are different, and they must be the same. If your certificate (cer/crt/pfx) key has the password hpanswers, then your generated keystore file must also have the password hpanswers; it cannot be different. Both the certificate key and the JKS keystore file must share the same password.

You either need to regenerate the keystore with the same password as the certificate key, or change the password so that both match. Set the key password to be the same as the keystore password using the Java keytool command below.

The following is an example. Here the keystore password is hpanswers and the key password is oldpass; we now change the key password to hpanswers so that both match.

$ keytool -keypasswd -keystore test.jks -alias ssltest
Enter keystore password:  hpanswers
Enter key password for ssltest: oldpass
New key password for ssltest:  hpanswers
Re-enter new key password for ssltest:  hpanswers
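The reason the mismatch breaks server startup is that the JSSE key manager (what Tomcat and Jetty initialise from the keystore) opens every key entry with the keystore password; an entry protected by a different key password throws UnrecoverableKeyException. The following Java program is an added example, not code from the post or from GlobalSign: it builds a keystore whose key entry deliberately uses a different password than the store, lists the aliases that cannot be recovered with the keystore password (the check to run before restarting the server), and then re-protects them with the keystore password, which is the programmatic equivalent of the keytool -keypasswd command above. It assumes a PKCS12 keystore with a SecretKeyEntry built in memory as a stand-in for the server's JKS file with a private key; the password mechanics are the same, only the exception message text differs by keystore type (JKS reports "Cannot recover key"). The alias ssltest and the passwords oldpass and hpanswers are the values from the post.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/**
 * Added illustration (not the post's code): reproduces the key-password /
 * keystore-password mismatch behind UnrecoverableKeyException, finds the
 * offending aliases, and re-protects them with the keystore password
 * (the same effect as "keytool -keypasswd").
 */
public class KeyPasswordCheck {

    /** Returns every key entry that cannot be opened with the keystore password. */
    static List<String> findMismatchedAliases(KeyStore ks, char[] storePass) throws Exception {
        List<String> bad = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue;                         // trusted-cert entries have no key password
            }
            try {
                ks.getKey(alias, storePass);      // the same call the JSSE key manager makes
            } catch (UnrecoverableKeyException e) {
                bad.add(alias);
            }
        }
        return bad;
    }

    /** Re-protects one key entry with newPass: the programmatic "keytool -keypasswd". */
    static void changeKeyPassword(KeyStore ks, String alias, char[] oldPass, char[] newPass)
            throws Exception {
        Key key = ks.getKey(alias, oldPass);      // needs the entry's *current* key password
        ks.setKeyEntry(alias, key, newPass, ks.getCertificateChain(alias)); // chain is null for secret keys
    }

    /** Builds a keystore whose key entry deliberately uses a different password than the store. */
    static KeyStore buildMismatchedStore(String alias, char[] storePass, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);                      // fresh, empty keystore
        SecretKey sample = KeyGenerator.getInstance("AES").generateKey(); // constructed sample key
        ks.setKeyEntry(alias, sample, keyPass, null);                     // entry protected with keyPass

        // Round-trip through bytes so the state matches a keystore file on disk:
        // the store integrity check uses storePass, the entry stays encrypted with keyPass.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);
        KeyStore reloaded = KeyStore.getInstance("PKCS12");
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), storePass);
        return reloaded;
    }

    public static void main(String[] args) throws Exception {
        char[] storePass = "hpanswers".toCharArray();   // keystore password from the post
        char[] keyPass = "oldpass".toCharArray();       // key password from the post
        String alias = "ssltest";

        KeyStore ks = buildMismatchedStore(alias, storePass, keyPass);

        // 1. Diagnose: which entries would make the server's key manager fail at startup?
        List<String> bad = findMismatchedAliases(ks, storePass);
        System.out.println("Entries not recoverable with the keystore password: " + bad);

        // 2. Fix: align each offending key password with the keystore password.
        for (String a : bad) {
            changeKeyPassword(ks, a, keyPass, storePass);
        }
        System.out.println("Entries still mismatched after the fix: "
                + findMismatchedAliases(ks, storePass));
        // On a real keystore file you would now persist the change with
        // ks.store(new FileOutputStream("test.jks"), storePass) before restarting the server.
    }
}
```

Two practical points follow from the code: keytool -keypasswd, like changeKeyPassword above, needs the current key password, so if that password is lost the only option is the one GlobalSign describes, regenerating the keystore and key entry; and the fix is per alias, so on a keystore with several key entries run the check over all aliases rather than assuming the one you imported is the only mismatch.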

Following is some useful information I noted while I was solving this, posted on GlobalSign.

How to Fix "Cannot Recover Key" Error

The error “java.security.UnrecoverableKeyException: Cannot recover key” occurs when the keystore and keyEntry passwords are different. To resolve this issue, you must remove all traces of the past certificate and request the file.

You must generate a new keystore, keyEntry and CSR. You must also specify the same password for the keystore and the keyEntry.

Useful references to understand this issue better:
  1. java.io.IOException: Cannot recover key
  2. Cannot recover key tomcat
  3. Fish Eye Server Error
