
Problem with SSL certificate: Supplied key (null) is not a RSAPrivateKey instance

Hello all,

For some reason, Openfire does not like my certificate. I’ve tried to delete it, re-sign it and re-import it and it is still the same. I see it fine in keytool:

# keytool -list -keystore keystore
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 4 entries

stage.mycompany.com_1, Jun 3, 2009, PrivateKeyEntry,
Certificate fingerprint (MD5): DA:C6:07:BB:AF:E9:99:BA:D0:50:A5:48:AB:C6:34:02
cacert, Jun 3, 2009, trustedCertEntry,
Certificate fingerprint (MD5): 08:9B:34:E3:3E:09:60:E5:49:A6:31:3F:D5:89:CD:31
stage.mycpmpany.com-rsa, Jun 3, 2009, PrivateKeyEntry,
Certificate fingerprint (MD5): DA:C6:07:BB:AF:E9:99:BA:D0:50:A5:48:AB:C6:34:02
stage.mycompanycom, Jun 3, 2009, trustedCertEntry,
Certificate fingerprint (MD5): 76:6A:A9:65:E1:26:6B:FB:CC:39:16:79:C4:90:C3:E7

#

But when I’m accessing the admin interface at ssl-certificates.jsp, I get:

Exception:

java.security.InvalidKeyException: Supplied key (null) is not a RSAPrivateKey instance
at org.bouncycastle.jce.provider.JDKDigestSignature.engineInitSign(Unknown Source)
at java.security.Signature$Delegate.engineInitSign(Unknown Source)
at java.security.Signature.initSign(Unknown Source)
at org.bouncycastle.jce.PKCS10CertificationRequest.<init>(Unknown Source)
at org.bouncycastle.jce.PKCS10CertificationRequest.<init>(Unknown Source)
at org.jivesoftware.util.CertificateManager.createSigningRequest(CertificateManager.java:392)
at org.jivesoftware.openfire.admin.ssl_002dcertificates_jsp._jspService(ssl_002dcertificates_jsp.java:548)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:66)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:42)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:70)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:146)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:206)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:324)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:829)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)

I’m using this guide: http://www.igniterealtime.org/builds/wildfire/docs/latest/documentation/ssl-guide.html.

Please help

How to import signed SSL certificate using keytool

  1. Delete all certificates

keytool -delete -keystore keystore -alias example-rsa

keytool -delete -keystore keystore -alias example-dsa

  2. Import CA cert:

keytool -import -keystore keystore -alias cacert -file ./cacert.crt

  3. Generate CSR

keytool -genkey -keystore keystore -alias example-rsa -keyalg RSA
keytool -certreq -keystore keystore -alias example-rsa -file example-rsa.csr -keyalg RSA

  4. Sign it.

  5. Convert it to DER:

openssl x509 -in example-rsa.crt -inform PEM -out example-rsa.crt.der -outform DER

  6. Import the certificate:

keytool -import -keystore keystore -alias example-rsa -file example-rsa.crt.der -keyalg RSA
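
The exception in the first post reports that the key handed to the signer was null. As an added diagnostic example (not part of the original posts and not Openfire code), the following class checks, for every alias in the keystore, whether the private key can be read through the standard `java.security.KeyStore` API and whether it is an RSA key that matches its stored certificate. The class name `KeystoreKeyCheck` is hypothetical, and it is an assumption that Openfire reads the key in the same way and that a key password left empty equals the keystore password.

```java
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;

// Added diagnostic example, not Openfire code. Run from an interactive terminal:
//   java KeystoreKeyCheck <keystore-file>
public class KeystoreKeyCheck {
    // Report what KeyStore.getKey() yields for one alias with the given key password.
    static String check(KeyStore ks, String alias, char[] keyPass) throws Exception {
        if (!ks.isKeyEntry(alias)) return "trusted certificate only, no private key";
        Key key;
        try {
            key = ks.getKey(alias, keyPass);
        } catch (UnrecoverableKeyException e) {
            return "private key NOT recoverable with this key password";
        }
        if (key == null) return "getKey() returned null";
        if (!(key instanceof RSAPrivateKey))
            return "private key is " + key.getAlgorithm() + ", not an RSAPrivateKey";
        Certificate cert = ks.getCertificate(alias);
        PublicKey pub = (cert == null) ? null : cert.getPublicKey();
        if (!(pub instanceof RSAPublicKey)) return "RSA key, but no RSA certificate with it";
        // An RSA private key and its public key share the same modulus.
        boolean pair = ((RSAPublicKey) pub).getModulus()
                .equals(((RSAPrivateKey) key).getModulus());
        return pair ? "RSA key readable, matches its certificate"
                    : "RSA key readable, certificate does NOT match it";
    }

    public static void main(String[] args) throws Exception {
        char[] storePass = System.console().readPassword("Keystore password: ");
        char[] keyPass = System.console().readPassword("Key password (empty = same): ");
        if (keyPass.length == 0) keyPass = storePass;
        KeyStore ks = KeyStore.getInstance("JKS"); // type shown in the keytool listing
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);
        }
        for (String alias : Collections.list(ks.aliases()))
            System.out.println(alias + ": " + check(ks, alias, keyPass));
    }
}
```

Passwords are read from the console rather than from arguments so they do not appear in the process list or shell history.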