Eclipse Community Forums
how to import new SSL cert into existing default keystore? [message #1244784] Wed, 12 February 2014 22:09
Randall Smiles
I'm following the steps here:
http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html

I'm trying to add an SSL cert into an existing Jetty implementation that already has a self-signed cert and a working SSL connector/factory. I converted my key, cert, and intermediate cert into PKCS12 as per the Eclipse wiki, and imported that into the existing keystore using the storepwd password. No errors so far, but upon starting my .jar it crashes with "java.lang.reflect.InvocationTargetException" caused by "Caused by: java.security.UnrecoverableKeyException: Cannot recover key"

The new key did seem to get put into that existing keystore:

# keytool -list -keystore ./keystore
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

1, Feb 12, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 0B:50:A2:84:81:4A:9C:15:42:6C:19:30:13:98:1D:B2:53:B6:C4:B1


java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.eclipse.jetty.start.Main.invokeMain(Main.java:297)
at org.eclipse.jetty.start.Main.start(Main.java:724)
at org.eclipse.jetty.start.Main.main(Main.java:103)
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(Unknown Source)
at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(Unknown Source)
at java.security.KeyStore.getKey(Unknown Source)
at sun.security.ssl.SunX509KeyManagerImpl.<init>(Unknown Source)
at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(Unknown Source)
at javax.net.ssl.KeyManagerFactory.init(Unknown Source)
at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:904)
at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:297)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:69)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:117)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:99)
at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:64)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:69)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:117)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:99)
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:259)
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:218)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:69)
at org.eclipse.jetty.server.Server.doStart(Server.java:336)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:69)
at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1250)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1174)
... 7 more
Re: how to import new SSL cert into existing default keystore? [message #1245410 is a reply to message #1244784] Thu, 13 February 2014 19:27
Randall Smiles

For anyone else with this issue, I've found the problem. The examples from

https://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty

have this

<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Arg>
        <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
          <Set name="keyStore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
          <Set name="keyStorePassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
          <Set name="keyManagerPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
          <Set name="trustStore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
          <Set name="trustStorePassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
        </New>
      </Arg>
      <Set name="port">8443</Set>
      <Set name="maxIdleTime">30000</Set>
    </New>
  </Arg>
</Call>

And a keen eye will see that the keymanager password is different than the other 2. I just took out all keymanager/truststore stuff as then they inherit the config from keystore. Now my cert works.
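
Added example, not part of the original posts or of the Jetty project: a small Java pre-flight check for the password mismatch described in this thread. It loads the keystore with the store password and then tries to recover every private key with the password that would be configured as keyManagerPassword, using the same KeyStore.getKey call that fails in the stack trace. The class name KeyPasswordCheck and the prompt texts are assumptions made for illustration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Hypothetical helper class, written for this example.
public class KeyPasswordCheck {

    // True only if every private-key entry can be recovered with keyPassword.
    static boolean allKeysRecoverable(KeyStore ks, char[] keyPassword) throws Exception {
        boolean ok = true;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entries carry no key password
            }
            try {
                ks.getKey(alias, keyPassword); // the call that fails in the stack trace
                System.out.println("OK    " + alias);
            } catch (UnrecoverableKeyException e) {
                System.out.println("FAIL  " + alias + ": " + e.getMessage());
                ok = false;
            }
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java KeyPasswordCheck <keystore>  (run from a terminal)");
            System.exit(2);
        }
        // Prompt instead of taking passwords as arguments, so they stay out of
        // shell history and the process list.
        char[] storePw = console.readPassword("keyStorePassword: ");
        char[] keyPw = console.readPassword("keyManagerPassword: ");

        KeyStore ks = KeyStore.getInstance("JKS"); // type reported by keytool -list
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePw); // a wrong store password is rejected here (IOException)
        }
        System.exit(allKeysRecoverable(ks, keyPw) ? 0 : 1);
    }
}
```

A nonzero exit status means at least one key entry cannot be recovered with the second password, which is the condition behind the "Cannot recover key" exception.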