"Cannot recover key" in Winstone HTTPS initialization

Nick

Mar 16, 2011, 7:11:18 PM
to Jenkins Users
I've set up a keystore containing a 2048-bit SSL certificate inside my
Jenkins folder, and configured Jenkins to use HTTPS with the following
argument settings (in jenkins.xml):

-Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -jar "%BASE%\jenkins.war" --httpPort=-1 --httpsPort=443 --httpsKeyStore="%BASE%\winstone.ks" --httpsKeyStorePassword="[actual password here]"

However, when starting up the Windows service, I get the following
error and stack trace:

[Winstone 2011/03/16 15:26:58] - Error during HTTPS listener init or shutdown
java.security.UnrecoverableKeyException: Cannot recover key
    at sun.security.provider.KeyProtector.recover(Unknown Source)
    at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
    at sun.security.provider.JavaKeyStore$JKS.engineGetKey(Unknown Source)
    at java.security.KeyStore.getKey(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(Unknown Source)
    at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(Unknown Source)
    at javax.net.ssl.KeyManagerFactory.init(Unknown Source)
    at winstone.ssl.HttpsListener.getSSLContext(HttpsListener.java:269)
    at winstone.ssl.HttpsListener.getServerSocket(HttpsListener.java:189)
    at winstone.HttpListener.run(HttpListener.java:116)
    at java.lang.Thread.run(Unknown Source)

winstone.WinstoneException: Error getting the SSL context object
    at winstone.ssl.HttpsListener.getSSLContext(HttpsListener.java:283)
    at winstone.ssl.HttpsListener.getServerSocket(HttpsListener.java:189)
    at winstone.HttpListener.run(HttpListener.java:116)
    at java.lang.Thread.run(Unknown Source)

[Winstone 2011/03/16 15:26:58] - HTTPS Listener shutdown successfully

I've verified that the password is correct by using the Java keytool
to list the contents of the keystore file, so I'm not sure where else
to look.

Any advice?

Thanks,
Nick

Nick

Mar 16, 2011, 7:45:46 PM
to Jenkins Users
Solved. For anyone who is curious, the issue was that the certificate
password and keystore password did not match.

http://www.globalsign.com/support/faq/tomcat/05.php

Regards,
Nick