Are there any jetty experts here? Im trying to add new SSL cert to NRS's default keystore which is using default password of storepwd. I used the keytool command to import a pkcs12 keyfile (containing server.key, server.crt, and intermediate.crt) as per instructions at
http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html but after 'NRS 0.7.3 started successfully.' message in console it bombs with
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.eclipse.jetty.start.Main.invokeMain(Main.java:297)
at org.eclipse.jetty.start.Main.start(Main.java:724)
at org.eclipse.jetty.start.Main.main(Main.java:103)
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(Unknown Source)
at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(Unknown Source)
at java.security.KeyStore.getKey(Unknown Source)
at sun.security.ssl.SunX509KeyManagerImpl.(Unknown Source)
at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(Unknown Source)
at javax.net.ssl.KeyManagerFactory.init(Unknown Source)
at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:904)
at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:297)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:69)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:117)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:99)
at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:64)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:69)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:117)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:99)
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:259)
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:218)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:69)
at org.eclipse.jetty.server.Server.doStart(Server.java:336)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:69)
at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1250)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1174)
... 7 more
no idea what Im doing wrong. Does anyone see anything wrong with my keystore?
# keytool -list -keystore /root/nxt-kit/nxt/etc/keystore -storepass storepwd
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
jetty, Nov 7, 2008, PrivateKeyEntry,
Certificate fingerprint (SHA1): 66:62:5A:2B:2F:96:E1:88:E7:27:19:E0:0E:C6:60:B0:FC:86:B2:64
1, Feb 12, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 0B:50:A2:84:81:4A:9C:15:42:6C:19:30:13:98:1D:B2:53:B6:C4:B1
#