Hi,
I'm trying to put an entry into the GlassFish keystore.jks which has a password different from the keystore one. I've tried to generate the entry via [b]keytool[/b] [i]-genkeypair[/i] as well as to import it from an external PKCS12 keystore file via [i]-importkeystore[/i]. If the entry password is the same as the keystore one, everything works perfectly. When it differs or is changed by [i]-keypasswd[/i], the following exception occurs:
[#|2009-03-20T12:31:45.125+0100|WARNING|sun-appserver9.1|javax.enterprise.system.stream.err|_ThreadID=10;_ThreadName=main;_RequestID=1f19c3e4-d96a-402e-ad36-5f21db1a4b0e;|java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.server.PELaunch.main(PELaunch.java:412)
Caused by: java.lang.ExceptionInInitializerError
at com.sun.enterprise.security.SecurityLifecycle.onInitialization(SecurityLifecycle.java:101)
at com.sun.enterprise.server.ApplicationServer.onInitialization(ApplicationServer.java:262)
at com.sun.enterprise.server.ondemand.OnDemandServer.onInitialization(OnDemandServer.java:101)
at com.sun.enterprise.server.PEMain.run(PEMain.java:401)
at com.sun.enterprise.server.PEMain.main(PEMain.java:338)
... 5 more
Caused by: java.lang.IllegalStateException: java.security.UnrecoverableKeyException: Cannot recover key
at com.sun.enterprise.security.SSLUtils.<clinit>(SSLUtils.java:128)
... 10 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
at java.security.KeyStore.getKey(KeyStore.java:763)
at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:113)
at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239)
at com.sun.enterprise.security.SSLUtils.initKeyManagers(SSLUtils.java:320)
at com.sun.enterprise.security.SSLUtils.<clinit>(SSLUtils.java:106)
... 10 more
|#]
From Kumar's blog
http://weblogs.java.net/blog/kumarjayanti/archive/2007/11/ssl_and_crl_che.html it seems there are some limitations which prevent having GlassFish entries with their own passwords in a single keystore. Does someone know more details about it? I also wonder why GlassFish tries to access non-system entries in the keystore during startup ...
[Message sent by forum member 'cigorin' (cigorin)]
http://forums.java.net/jive/thread.jspa?messageID=338118