Hi, I am trying to create a keytool from an existing certificate and private key created with openssl. I can create the keystore and start the web GUI with HTTPS support. When I try to browse the site I get a "Cannot recover key" error on the console.

    Play server process ID is 7262
    [debug] application - Loading timeout value into cache from configuration for key DEFAULT: Not configured, falling back to default.
    [debug] application - Loading timeout value into cache from configuration for key node_refresh: Not configured, falling back to default.
    [info] play - Application started (Prod)
    [info] play - Listening for HTTP on /0:0:0:0:0:0:0:0:9000
    [info] play - Listening for HTTPS on port /0:0:0:0:0:0:0:0:443
    [error] play - Error loading HTTPS keystore from keystore.jks
    java.security.UnrecoverableKeyException: Cannot recover key
        at sun.security.provider.KeyProtector.recover(KeyProtector.java:328) ~[na:1.7.0_65]
        at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:138) ~[na:1.7.0_65]
        at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55) ~[na:1.7.0_65]
        at java.security.KeyStore.getKey(KeyStore.java:792) ~[na:1.7.0_65]
        at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:131) ~[na:1.7.0_65]
        at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:68) ~[na:1.7.0_65]
    [error] p.nettyException - Exception caught in Netty

I tried the following to create the keystore:

1. Convert OpenSSL Certificates to Java Keytool

    openssl pkcs12 -export -nodes -in servercert.pem -inkey serverkey.key -out server.p12

2. Import PKCS12 into Keytool

    keytool -importkeystore -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass <pass-p12> -destkeystore keystore.jks -deststoretype JKS

The output of the PKCS12 verification is as follows:

    MAC Iteration 2048
    MAC verified OK
    PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
    Certificate bag
    Bag Attributes
        localKeyID: 05 0E 22 2D A5 94 68 A7 E8 19 C9 38 CF EB 18 6A 29 AA 15 4A
    subject=/C=CH/ST=Bern/L=Bern/O=Universitaet Bern/OU=Informatikdienste/CN=idlogger.unibe.ch
    issuer=/C=BM/O=QuoVadis Limited/CN=QuoVadis Global SSL ICA G2
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    Certificate bag
    Bag Attributes: <No Attributes>
    subject=/C=BM/O=QuoVadis Limited/CN=QuoVadis Global SSL ICA G2
    issuer=/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
    -----BEGIN CERTIFICATE-----
    ....
    -----END CERTIFICATE-----
    PKCS7 Data
    Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
    Bag Attributes
        localKeyID: 05 0E 22 2D A5 94 68 A7 E8 19 C9 38 CF EB 18 6A 29 AA 15 4A
    Key Attributes: <No Attributes>
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    -----BEGIN ENCRYPTED PRIVATE KEY-----
    ....
    -----END ENCRYPTED PRIVATE KEY-----

The Keytool verification says:

    Keystore-Typ: JKS
    Keystore-Provider: SUN

    Keystore contains 1 entry

    1, 05.09.2014, PrivateKeyEntry,
    Zertifikat-Fingerprint (SHA1): 05:0E:22:2D:A5:94:68:A7:E8:19:C9:38:CF:EB:18:6A:29:AA:15:4A

The passwords are all the same (within the keystore).

If somebody has an idea what else I could try I would be really happy and thankful :)!

Kind regards
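
As an added example, not part of the original post: a small Java check that repeats the `KeyStore.getKey` call from the stack trace outside the server, so the store password (used by `load`) and the key password (used by `getKey`) can be tested separately. The class name `KeyRecoveryCheck` and the helper `canRecover` are made up for this illustration; the keystore path is the only argument and both passwords are read from the terminal.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Added diagnostic (hypothetical class, not from the original post): repeats the
// KeyStore.getKey() call seen in the stack trace for every key entry in a JKS file.
public class KeyRecoveryCheck {

    // True if the key stored under `alias` can be recovered with keyPass.
    static boolean canRecover(KeyStore ks, String alias, char[] keyPass) throws Exception {
        try {
            Key key = ks.getKey(alias, keyPass);
            return key != null;
        } catch (UnrecoverableKeyException e) {
            return false; // same exception type the server logged
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1 || System.console() == null) {
            System.err.println("usage (from a terminal): java KeyRecoveryCheck <keystore.jks>");
            System.exit(2);
        }
        // Read passwords without echo so they do not end up in shell history.
        char[] storePass = System.console().readPassword("Store password: ");
        char[] keyPass = System.console().readPassword("Key password: ");

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            // A wrong store password fails here with an IOException, before any key is read.
            ks.load(in, storePass);
        }

        boolean allOk = true;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entries have no key to recover
            }
            boolean ok = canRecover(ks, alias, keyPass);
            allOk &= ok;
            System.out.printf("%-20s %s%n", alias,
                    ok ? "key recovered" : "key NOT recoverable with this key password");
        }
        System.exit(allOk ? 0 : 1);
    }
}
```

Entering the same value at both prompts exercises the case where one password is used for both the store and the key.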