I am supplied with a jks keystore named ABCC_client.store. When I import this keystore to cacerts and try connecting it says No such Algorithm error. PFA the stacktrace
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at java.security.Provider$Service.newInstance(Provider.java:1245)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:102)
at org.apache.axis.components.net.JSSESocketFactory.initFactory(JSSESocketFactory.java:61)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:79)
... 32 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
at java.security.KeyStore.getKey(KeyStore.java:763)
at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:113)
at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(DefaultSSLContextImpl.java:170)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at java.security.Provider$Service.newInstance(Provider.java:1221)
... 39 more
But if I use this keystore independently, i.e. without adding it to cacerts, it works.
Some googling led me to http://joewlarson.com/blog/2009/03/25/java-ssl-use-the-same-password-for-keystore-and-key/ which says that the password might be different for the key and the keystore.
asked Apr 12, 2013 at 9:27
4
If using Tomcat 6 and earlier, make sure the keystore password and the key password are the same. If using Tomcat 7 and later, make sure they are the same or that the key password is specified in the server.xml file.
Captain Man
answered Jun 1, 2014 at 10:40
7
The private key password defined in your app/config is incorrect. First try verifying the private key password by changing to another one as follows:
keytool -keypasswd -new changeit -keystore cacerts -storepass changeit -alias someapp -keypass password
The above example changes the password from password to changeit. This command will succeed if the private key password was password.
answered Oct 23, 2013 at 3:15
4
In order to not have the Cannot recover key exception, I had to apply the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files to the installation of Java that was running my application. Version 8 of those files can be found here or the latest version should be listed on this page. The download includes a file that explains how to apply the policy files.
Since JDK 8u151 it isn’t necessary to add policy files. Instead the JCE jurisdiction policy files are controlled by a Security property called crypto.policy. Setting that to unlimited will allow unlimited cryptography to be used by the JDK. As the release notes linked to above state, it can be set by Security.setProperty() or via the java.security file. The java.security file could also be appended to by adding -Djava.security.properties=my_security.properties to the command to start the program as detailed here.
Since JDK 8u161 unlimited cryptography is enabled by default.
answered Feb 10, 2016 at 13:55
WhiteKnight
2
I had the same error when we imported a key into a keystore that was built using a 64-bit OpenSSL version. When we followed the same procedure to import the key into a keystore that was built using a 32-bit OpenSSL version everything went fine.
answered Dec 28, 2015 at 12:10
Heimi
3
Check if the password you are using is the correct one by running the command below:
keytool -keypasswd -new temp123 -keystore awsdemo-keystore.jks -storepass temp123 -alias movie-service -keypass changeit
If you are getting the error below then your password is wrong:
keytool error: java.security.UnrecoverableKeyException: Cannot recover key
answered Feb 8, 2020 at 13:47
2
I can’t sign my APK with the existing keystore. It’s giving me this error when signing:
com.android.ide.common.signing.KeytoolException: Failed to read key Cannot recover key
So, by following this link, I have tried to change the password but it’s giving me keytool error: java.security.UnrecoverableKeyException: Cannot recover key error when executing this command:
keytool -keypasswd -alias %MyKeyAlias% -new %newpassword% -keystore KeyStore.jks
I already have a version available in the Play Store using this keystore.
asked Nov 20, 2016 at 16:39
9
I finally solved it by reading the document:
https://www.rickyadams.com/wp/index.php/2017/11/15/keytool-java-keystore-ssl/
As I use a different storepass and keypass.
Verify the private key password by attempting to change it
> keytool -keypasswd -keystore KEYSTORE -alias ALIAS -storepass PASSWORD
This is the output you’ll see if a key password isn’t set, or if the key password is the same as the store password:
New key password for <ALIAS>:
This is the output you’ll see if a key password is set and you enter it incorrectly:
Enter key password for ALIAS:
keytool error: java.security.UnrecoverableKeyException: Cannot recover key
This is the output you’ll see if a key password is set and you enter it correctly:
Enter key password for <ALIAS>:
New key password for <ALIAS>:
Folkmann
answered Apr 8, 2019 at 3:35
Looks like missing private key.
answered Nov 29, 2016 at 13:23
Amit Bagga
0
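// Backslashes in a Java string literal must be escaped.
System.setProperty("javax.net.ssl.keyStore","C:\\Program Files\\Java\\jdk1.6.0_07\\lib\\security\\keystore");
// The default SSLContext uses this one password for the keystore and for every private key in it.
System.setProperty("javax.net.ssl.keyStorePassword","changeit");
URL endpoint = new java.net.URL("https://foo.bar/services/ingest");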
ingestSoapBindingStub ingest = new ingestSoapBindingStub(endpoint,null);
/***********auto generated from wsdl2java************/
org.apache.axis.client.Call _call = createCall();
_call.setOperation(_operations[0]);
_call.setUseSOAPAction(true);
_call.setSOAPActionURI("ingest");
_call.setSOAPVersion(org.apache.axis.soap.SOAPConstants.SOAP11_CONSTANTS);
_call.setOperationName(new javax.xml.namespace.QName("http://ingest.webservice.foobar.com", "ingest"));
setRequestHeaders(_call);
setAttachments(_call);
try {
java.lang.Object _resp = _call.invoke(new java.lang.Object[] {header}); //this call is causing error
.....}
I get the following error:
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown Source)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:92) .....
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at java.security.Provider$Service.newInstance(Unknown Source)
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:79)
... 45 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(Unknown Source)
at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(Unknown Source)
at java.security.KeyStore.getKey(Unknown Source)
... 53 more
{http://xml.apache.org/axis/}hostname:foo-bar
java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown Source)
... 42 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at java.security.Provider$Service.newInstance(Unknown Source)
... 45 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(Unknown Source)
at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
... 53 more
So basically I have the keystore in there with my personal public and private key. The truststore doesn't seem to be needed as I get the same exact error when I do include it. I searched around and it seems others don't use the generated code and am not sure how to fix this.... Am I missing something else in my keystores or is it something else? Thanks!
Edited by: shaselai on Sep 17, 2010 1:32 PM
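The failure in the post above can be reproduced and diagnosed offline. The following is an added example, not code from the original post or from Axis: it builds a constructed in-memory keystore whose key password differs from the store password, then checks which password recovers each key entry and whether KeyManagerFactory.init accepts it. Assumptions: JCEKS stands in for JKS because it can hold a key without a certificate, and the class name, alias and passwords are made up for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.KeyManagerFactory;

public class KeyPasswordCheck {

    /** Constructed sample: one key entry protected by keyPass inside a store protected by storePass. */
    static KeyStore sampleStore(char[] storePass, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS"); // assumption: stand-in for a JKS file
        ks.load(null, null);
        ks.setKeyEntry("someapp", new SecretKeySpec(new byte[16], "AES"), keyPass, null);
        // Round-trip through bytes so the store is loaded the way a file on disk would be.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);
        KeyStore reloaded = KeyStore.getInstance("JCEKS");
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), storePass);
        return reloaded;
    }

    /** For every key entry, report whether the given password recovers the key. */
    static Map<String, Boolean> recoverable(KeyStore ks, char[] password) throws Exception {
        Map<String, Boolean> result = new LinkedHashMap<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entries have no key password
            }
            try {
                ks.getKey(alias, password);
                result.put(alias, true);
            } catch (UnrecoverableKeyException e) {
                result.put(alias, false); // same exception as in the stack trace
            }
        }
        return result;
    }

    /** True if a KeyManagerFactory can be initialised with this key password. */
    static boolean keyManagersInit(KeyStore ks, char[] keyPassword) throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        try {
            kmf.init(ks, keyPassword); // second argument is the key password, not the store password
            return true;
        } catch (UnrecoverableKeyException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        char[] storePass = "changeit".toCharArray(); // constructed values
        char[] keyPass = "password".toCharArray();
        KeyStore ks = sampleStore(storePass, keyPass);

        System.out.println("store password recovers keys: " + recoverable(ks, storePass));
        System.out.println("key password recovers keys:   " + recoverable(ks, keyPass));
        System.out.println("KeyManagerFactory.init(store password): " + keyManagersInit(ks, storePass));
        System.out.println("KeyManagerFactory.init(key password):   " + keyManagersInit(ks, keyPass));
    }
}
```

The default SSLContext passes javax.net.ssl.keyStorePassword to both KeyStore.load and KeyManagerFactory.init, so a store whose key password differs fails there even though the store itself opens. Loading the real keystore file and calling recoverable() on it shows which aliases are affected.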
Problem
After securing Bitbucket Server with Tomcat using SSL, the application fails to start.
The following appears in the catalina.out:
As of Bitbucket Server 5.x, catalina.out will no longer exist. It will be written to atlassian-bitbucket.log instead.
14-Mar-2016 14:41:33.544 SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["http-nio-8443"]
java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
at java.security.KeyStore.getKey(KeyStore.java:1023)
at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133)
at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:608)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:537)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:359)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:737)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:457)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:960)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:567)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:851)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:576)
at org.apache.catalina.startup.Catalina.load(Catalina.java:599)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at com.atlassian.stash.internal.catalina.startup.Bootstrap.main(Bootstrap.java:79)
Cause
The certificate key has a password that is different than the keystore password. Normally the key password isn’t set and it defaults to the keystore password.
Resolution
Set the key password to be the same as the keystore password. This can be done by using the following command:
$ keytool -keypasswd -keystore /path/to/keystore.kst -alias bitbucket
In the command above, fill in the path to the keystore in use and the alias set for its key.
For Bitbucket Server 5.+, the keystore and key passwords are set using the following parameters in the bitbucket.properties file:
# Main connector
server.ssl.key-store-password=<password>
server.ssl.key-password=<password>
# Additional connector
server.additional-connector.<connectorNumber>.ssl.key-store-password=<password>
server.additional-connector.<connectorNumber>.ssl.key-password=<password>
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the server and data center platforms.
How to resolve «Cannot recover key» error when EUM service fails to start
on 01-31-2018 08:40 AM
EUM service fails to start with the following error in the EUM server log:
The password for the key-store specified in the EUM property is incorrect or it does not match the private key password. For EUM SSL implementation, the key-store password and the private key password must be the same.
Ensure that the password for the keystore and the private key match, and are specified in the eum.properties file.
To change the private key password using the keytool command:
1. Take a backup of the EUM keystore.
2. Run the following command: