3

I am trying to replace the self-signed Jetty certificate with a signed one. I replaced 2 files, jetty.crt and jetty.key, and ran 2 commands:

openssl pkcs12 -inkey jetty.key -in jetty.crt -export -out jetty.pkcs12
keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore

Now Jetty doesn't start. Here are the logs:

2015-08-20 14:11:08.719:WARN:oejuc.AbstractLifeCycle:main: FAILED org.eclipse.jetty.server.Server@695a22ad: java.security.UnrecoverableKeyException: Cannot recover key java.security.UnrecoverableKeyException: Cannot recover key

Please help me fix it.

linuxsky

2 Answers

3

We had a similar problem.

After importing the newly generated pkcs12 keystore to the destination keystore, I ran

keytool -keypasswd -keystore path_to_your_keystore_file -alias your_key_alias -storetype JKS

I set the key password to the one we used before, and Jetty started running.

muratozyurt
  • Welcome to StackOverflow: if you post code, XML or data samples, please highlight those lines in the text editor and click on the "code samples" button ( { } ) on the editor toolbar or using Ctrl+K on your keyboard to nicely format and syntax highlight it! – WhatsThePoint Jan 24 '18 at 14:11
0

It happens because there is a password mismatch in the file jetty-ssl.xml.

One solution would be to generate a password as explained here: http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords

and copy/paste this password into the jetty-ssl.xml file:

<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="etc/keystore"/></Set>
  <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="OBF:paste_here_password"/></Set>
  <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="OBF:paste_here_password"/></Set>
  <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="etc/keystore"/></Set>
  <Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="OBF:paste_here_password"/></Set>
  <!-- remaining settings of the file are not shown here -->
</Configure>

NOTE:
1. On Jetty 9, don't paste the password in plain text; it must be an encrypted password generated by the Jetty utility. Here are instructions on how to get the password: http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords
2. To avoid confusion, you can simply use the same password in all three places in the jetty-ssl.xml file:
   jetty.keystore.password
   jetty.keymanager.password
   jetty.truststore.password

linuxsky
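
Both answers come down to the same condition: the password protecting the key entry must be the one Jetty receives as KeyManagerPassword. As an added example (not code from the original posts), the script below repeats the question's two commands with every password given explicitly and then tests whether the key can be recovered; the alias `jetty`, the function names and the sample passwords are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original posts. Assumptions: alias "jetty", a JKS
# destination keystore, and passwords passed as arguments for brevity (they
# show up in the process list, so prompt for them on a shared host).

# build_keystore <key.pem> <cert.pem> <keystore> <store_pass> <key_pass>
# The question's two commands, with every password stated explicitly so the
# store and key passwords are exactly the values jetty-ssl.xml will carry.
build_keystore() {
  local key=$1 crt=$2 ks=$3 store_pass=$4 key_pass=$5 p12 rc
  p12=$(mktemp) || return 1
  openssl pkcs12 -export -inkey "$key" -in "$crt" -name jetty \
    -out "$p12" -passout "pass:$store_pass" &&
  keytool -importkeystore -noprompt \
    -srckeystore "$p12" -srcstoretype PKCS12 \
    -srcstorepass "$store_pass" -srckeypass "$store_pass" -srcalias jetty \
    -destkeystore "$ks" -deststoretype JKS \
    -deststorepass "$store_pass" -destkeypass "$key_pass" -destalias jetty
  rc=$?
  rm -f "$p12"   # the intermediate PKCS12 also contains the private key
  return "$rc"
}

# key_recoverable <keystore> <store_pass> <key_pass>
# Returns 0 only if the private key unlocks with <key_pass>, the value Jetty
# is given as KeyManagerPassword. Generating a CSR forces keytool to load the
# private key; a wrong key password fails with "Cannot recover key".
key_recoverable() {
  keytool -certreq -keystore "$1" -storepass "$2" -alias jetty \
    -keypass "$3" >/dev/null 2>&1
}

# Usage (constructed sample passwords):
#   build_keystore jetty.key jetty.crt keystore 'storepwd1' 'keypwd12'
#   key_recoverable keystore 'storepwd1' 'keypwd12' && echo "key password OK"
```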