Hi

I am trying to create a keytool from an existing certificate and private key 
created with openssl. I can create the keystore and start the web GUI with 
HTTPS support. When I try to browse the site, I get a "Cannot recover key" 
error on the console.

Play server process ID is 7262
[debug] application - Loading timeout value into cache from configuration for key DEFAULT: Not configured, falling back to default.
[debug] application - Loading timeout value into cache from configuration for key node_refresh: Not configured, falling back to default.
[info] play - Application started (Prod)
[info] play - Listening for HTTP on /0:0:0:0:0:0:0:0:9000
[info] play - Listening for HTTPS on port /0:0:0:0:0:0:0:0:443
[error] play - Error loading HTTPS keystore from keystore.jks
java.security.UnrecoverableKeyException: Cannot recover key
    at sun.security.provider.KeyProtector.recover(KeyProtector.java:328) ~[na:1.7.0_65]
    at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:138) ~[na:1.7.0_65]
    at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55) ~[na:1.7.0_65]
    at java.security.KeyStore.getKey(KeyStore.java:792) ~[na:1.7.0_65]
    at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:131) ~[na:1.7.0_65]
    at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:68) ~[na:1.7.0_65]
[error] p.nettyException - Exception caught in Netty

I tried the following to create the keystore:

1. Convert OpenSSL Certificates to Java Keytool

openssl pkcs12 -export -nodes -in servercert.pem -inkey serverkey.key -out server.p12

2. Import PKCS12 into Keytool

keytool -importkeystore -srckeystore server.p12 -srcstoretype PKCS12 \
    -srcstorepass <pass-p12> -destkeystore keystore.jks -deststoretype JKS

The output of the PKCS12 verification is as follows:
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Bag Attributes
    localKeyID: 05 0E 22 2D A5 94 68 A7 E8 19 C9 38 CF EB 18 6A 29 AA 15 4A
subject=/C=CH/ST=Bern/L=Bern/O=Universitaet Bern/OU=Informatikdienste/CN=idlogger.unibe.ch
issuer=/C=BM/O=QuoVadis Limited/CN=QuoVadis Global SSL ICA G2
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Certificate bag
Bag Attributes: <No Attributes>
subject=/C=BM/O=QuoVadis Limited/CN=QuoVadis Global SSL ICA G2
issuer=/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Bag Attributes
    localKeyID: 05 0E 22 2D A5 94 68 A7 E8 19 C9 38 CF EB 18 6A 29 AA 15 4A
Key Attributes: <No Attributes>
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN ENCRYPTED PRIVATE KEY-----
....
-----END ENCRYPTED PRIVATE KEY-----

The Keytool verification says:
Keystore-Typ: JKS
Keystore-Provider: SUN

Keystore contains 1 entry

1, 05.09.2014, PrivateKeyEntry,
Zertifikat-Fingerprint (SHA1): 05:0E:22:2D:A5:94:68:A7:E8:19:C9:38:CF:EB:18:6A:29:AA:15:4A

The passwords are all the same (within the keystore).

If somebody has an idea what else I could try I would be really happy and 
thankful :)!

Kind regards
