[Geoserver-users] Geoserevr Cannot recover key of the keystore

Jorge_Penedo · September 23, 2022, 10:43am

Hello everyone

I’m trying to configure https access, with ssl, from a 2.20.05 server installed on platafroaqm windows with jetty.

In my institution there is already a plex certificate, so I used the command line to prodece the “new”
keystore

keytool -importkeystore -srckeystore m:\certs\mycert.pt.pfx -srcstoretype pkcs12 -destkeystore m:\certs\keystore -deststoretype JKS

then i copy the file to \etc

I generated my obf password with the command line

java -cp jetty-util-9.4.36.v20210114.jar org.eclipse.jetty.util.security.Password mypassword

(i checked the jetty version i have installed)

then i update the start.ini and the jetty-ssl.context.xml files

when i start the service i got this in the logs file

"…

2022-09-23 11:18:14.395:INFO:oejsh.ContextHandler:main: Started o.e.j.w.WebAppContext@…11569…{GeoServer,/geoserver,file:///C:/Program%20Files/GeoServer/webapps/geoserver/,AVAILABLE}{C:\Program Files\GeoServer\webapps\geoserver}
2022-09-23 11:18:14.426:INFO:oejs.AbstractConnector:main: Started ServerConnector@…11570…{HTTP/1.1, (http/1.1)}{0.0.0.0:8080}
2022-09-23 11:18:14.426:INFO:oejus.SslContextFactory:main: x509=X509@…11571…(1,h=[sines.pt],w=[sines.pt]) for Server@…11572…[provider=null,keyStore=file:///C:/Program%20Files/GeoServer/etc/keystore,trustStore=file:///C:/Program%20Files/GeoServer/etc/keystore]
2022-09-23 11:18:14.426:WARN:oejx.XmlConfiguration:main:
java.security.PrivilegedActionException: java.security.UnrecoverableKeyException: Cannot recover key
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1857)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.eclipse.jetty.start.Main.invokeMain(Main.java:218)
at org.eclipse.jetty.start.Main.start(Main.java:491)
at org.eclipse.jetty.start.Main.main(Main.java:77)
Caused by:
java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(Unknown Source)
at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(Unknown Source)
at sun.security.provider.KeyStoreDelegator.engineGetKey(Unknown Source)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(Unknown Source)
at java.security.KeyStore.getKey(Unknown Source)
at sun.security.ssl.SunX509KeyManagerImpl.(Unknown Source)
at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(Unknown Source)
at javax.net.ssl.KeyManagerFactory.init(Unknown Source)
at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1243)
at org.eclipse.jetty.util.ssl.SslContextFactory$Server.getKeyManagers(SslContextFactory.java:2267)
at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:372)
at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:243)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:321)
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.server.Server.doStart(Server.java:401)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.xml.XmlConfiguration.lambda$main$3(XmlConfiguration.java:1907)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1857)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.eclipse.jetty.start.Main.invokeMain(Main.java:218)
at org.eclipse.jetty.start.Main.start(Main.java:491)
at org.eclipse.jetty.start.Main.main(Main.java:77)

…"

Can anyone help and tell me what went wrong?

Best regards to all

Jorge Penedo