This is how i fixed Cannot recover key error in JAVA while i was setting up an SSL configuration for one of the Application Servers. Following is the part of the exception that i noted in the error log of my app,I couldn't start my tomcat and jboss servers because of the below error.
ERROR - Could not start server:java.security.UnrecoverableKeyException: Cannot recover key
java.io.IOException: !JsseListener: java.security.UnrecoverableKeyException: Cannot recover key
at org.mortbay.jetty.security.SslSocketConnector.newServerSocket(SslSocketConnector.java:516)
at org.mortbay.jetty.bio.SocketConnector.open(SocketConnector.java:73)
at org.mortbay.jetty.AbstractConnector.doStart(AbstractConnector.java:283)
at org.mortbay.jetty.bio.SocketConnector.doStart(SocketConnector.java:147)
at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
I see there are lot of post in google, but hard to find the exact solution, here it goes.
What causes this SSL error?
The answer is simple, the passwords of the Certificate Key and the generated keystore are different, they cannot be different and they should be same.If your certificate cer/crt/pfx key has a password called hpanswers then your generated keystore file should also have a similar password called hpanswers, it cannot be different, so both the certificate key and the jks keystore file should have the same password.
You either need to regenerate the keystore with the same password as certificate key or change the password for both..Set the key password to be the same as keystore password, using the below java keytool command
The below is an example , here the certificate key password is oldpass and the key password is hpanswers, we are now changing they certificate key password to hpanswers
$ keytool -keypasswd -keystore test.jks -alias ssltest
Enter keystore password: hpanswers
Enter key password for ssltesr: oldpass
New key password forssltest: hpanswers
Re-enter new key password for: hpanswers
Following is some useful information i noted while i was solving this posted on globalsign
How to Fix "Cannot Recover Key" Error
The error “java.security.UnrecoverableKeyException: Cannot recover key” occurs when the keystore and keyEntry passwords are different. To resolve this issue, you must remove all traces of the past certificate and request the file.
You must generate a new keystore, keyEntry and CSR. You must also specify the same password for the keystore and the keyEntry.
New key password for
Re-enter new key password for
Following is some useful information i noted while i was solving this posted on globalsign
How to Fix "Cannot Recover Key" Error
The error “java.security.UnrecoverableKeyException: Cannot recover key” occurs when the keystore and keyEntry passwords are different. To resolve this issue, you must remove all traces of the past certificate and request the file.
You must generate a new keystore, keyEntry and CSR. You must also specify the same password for the keystore and the keyEntry.
No comments:
Post a Comment