I have 3 glassfish 2.x servers with an SSL cert that will expire in a week
so I have a little time to play.
I have followed the doc's on howto generate a new keystore, csr request, etc.
and now I am stuck. I have the old keystore.jks file running fine and a new
file (new.jks). I have imported the root, intermediate and cert into the
new.jks, then told the domain.xml file to use that and it bombs with the
following;
Caused by: java.lang.IllegalStateException:
java.security.UnrecoverableKeyException: Cannot recover key
at com.sun.enterprise.security.SSLUtils.<clinit>(SSLUtils.java:128)
I can test to make sure the cert is in using the command;
/keytool -list -v -keystore new.jks -alias myalias and get the info (this is
just the top);
/
Owner: CN=api.mydomain.com, OU=Domain Control Validated - RapidSSL(R), OU=See
www.rapidssl.com/resources/cps (c)11, OU=GT06273877, O=api.mydomain.com,
C=US, SERIALNUMBER=uqovQ4SFeb-FcCu5KrGxbRef3IomKkVc
Issuer: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
Serial number: 2fea8
Valid from: Tue Aug 30 22:56:35 EDT 2011 until: Fri Nov 01 03:05:11 EDT
2013
I dont think the original PW was ever changed, so I made the pass on this
new.jks file the same. I am looking around and reading while I wait for a
reply, but I am not sure if I can simply import the new .cert file into the
existing one. When playing I got a root already exists, do deleted that
alias, imported, etc. but that went down a road of errors, so I am wondering
if it's simply best to use the new.jks file I made, with the new cert, etc.
and just get GF to play nice.
But when I say to the domain.xml file to use new.jks, and start it, it dies
rather quickly with the following error;
*Caused by: java.security.UnrecoverableKeyException: Cannot recover key
*
Please let me know if I need to provide any other details, commands, etc. as
this is a bit timely.
Thanks
--
[Message sent by forum member 'xkaliburx']
View Post: http://forums.java.net/node/840550