Found some issue in attaching a log file. So copying the stack trace I am 
getting


SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-7443"]
java.io.IOException: Cannot recover key
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:475)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
        at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:380)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:566)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:417)
        at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:956)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:624)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:649)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:449)
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
        at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
        at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
        at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
        at java.security.KeyStore.getKey(KeyStore.java:763)
        at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:113)
        at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48)
        at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:576)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:505)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:449)
        ... 19 more
Jul 6, 2012 2:28:11 PM org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-7443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-7443]]
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:624)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:649)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:449)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:958)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        ... 12 more
Caused by: java.io.IOException: Cannot recover key
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:475)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
        at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:380)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:566)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:417)
        at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:956)
        ... 13 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
        at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
        at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
        at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
        at java.security.KeyStore.getKey(KeyStore.java:763)
        at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:113)
        at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48)
        at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:576)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:505)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:449)

Regards,
Arun

From: Arun John (arujohn) [mailto:aruj...@cisco.com]
Sent: Friday, July 06, 2012 2:35 PM
To: users@tomcat.apache.org
Subject: Possible issue with Tomcat 7.0.27 SSL keystore configuration

Hi Team,

I am currently facing an issue with SSL configuration in Tomcat 7.0.27. I have 
one keystore with three private keys to be used by different components. The 
password I am using for the keystore file is "changed". The requirement is such 
that I should be using three different passwords for the three private keys I 
store in my keystore. I have configured my server.xml to allow https 
connections, basically modified the connectors.

<Connector port="7443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keyAlias="adminuicert"
               keystoreFile="bin/.keystore" keystorePass="changed"/>

I am running into an issue here. When I configure key passwords for my 
private keys that are different from my keystore password, I run into an 
exception saying it cannot recover the key. I have attached the catalina log. 
I am not finding a way to provide the private key password in the server.xml.

When I googled, I found that in Tomcat 5.5 it was not possible and found the 
below bug. Not sure whether the bug is fixed in the latest release.
https://issues.apache.org/bugzilla/show_bug.cgi?id=38217

It says that if any of the passphrases is different, it cannot recover the key. 
Also it says that Tomcat treats the keypass and keystorePass as the same. I 
also tried setting the adminuicert keyAlias with the same password as the 
keystore. Even then it is not working.

Right now I am clueless on how to fix the issue. It would be of great help if 
someone can help me with a solution/workaround.

Regards,
Arun
