SSL Settings page not loading (log:java.security.UnrecoverableKeyException)

Openfire Openfire Support
1

I followed the steps outlined at http://www.jivesoftware.org/builds/messenger/docs/latest/documentation/ssl-guide .html

I am running Jive Messenger 2_1_2 on Win2000 Server with JDK 1.5

I can connect to the server but not using SSL. When I log into the admin area when I click on “SSL Settings” it hangs and I never see anything. I went into the install directory and found the admin log and this is the error

16:30:11.000 WARN!! [pool-1-thread-1] org.mortbay.util.ThreadedServer.start(ThreadedServer.java:510) >17> Failed to start: SunJsseListener1@0.0.0.0:9091

16:31:00.191 WARN!! [pool-1-thread-1] org.mortbay.http.JsseListener.newServerSocket(JsseListener.java:217) >19> EXCEPTION

java.security.UnrecoverableKeyException: Cannot recover key

at sun.security.provider.KeyProtector.recover(Unknown Source)

at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)

at java.security.KeyStore.getKey(Unknown Source)

at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.(Unknown Source)

at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(Unknown Source)

at javax.net.ssl.KeyManagerFactory.init(Unknown Source)

at com.sun.net.ssl.KeyManagerFactorySpiWrapper.engineInit(Unknown Source)

at com.sun.net.ssl.KeyManagerFactory.init(Unknown Source)

at org.mortbay.http.SunJsseListener.createFactory(SunJsseListener.java:231)

at org.mortbay.http.JsseListener.newServerSocket(JsseListener.java:193)

at org.mortbay.util.ThreadedServer.open(ThreadedServer.java:466)

at org.mortbay.util.ThreadedServer.start(ThreadedServer.java:495)

at org.mortbay.http.SocketListener.start(SocketListener.java:203)

at org.mortbay.http.HttpServer.doStart(HttpServer.java:703)

at org.mortbay.util.Container.start(Container.java:72)

at org.jivesoftware.messenger.container.AdminConsolePlugin.initializePlugin(AdminC onsolePlugin.java:122)

at org.jivesoftware.messenger.container.PluginManager.loadPlugin(PluginManager.jav a:191)

at org.jivesoftware.messenger.container.PluginManager.access$300(PluginManager.jav a:69)

at org.jivesoftware.messenger.container.PluginManager$PluginMonitor.run(PluginMana ger.java:420)

at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)

at java.util.concurrent.FutureTask$Sync.innerRunAndReset(Unknown Source)

at java.util.concurrent.FutureTask.runAndReset(Unknown Source)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101 (Unknown Source)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodi c(Unknown Source)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknow n Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

It looked to me like it for some reason isn’'t seeing the default keystore so I added this property

xmpp.socket.ssl.keystore

with a value of

resources/security/keystore

After a stop and start of the server it still gives me this error. Any ideas on what may be the problem and how to fix it?

2

Hey Torrey,

The “Cannot recover key” error that you are getting is because the keystore password and the keyEntry password are different. You can follow this link to learn more about this error: http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs17011.

Regards,

– Gato

3

Thanks that is exactly the problem. When it asked me to create a password for the cert it said i could just hit enter and it would make it the same as the keystore pass. Once I actually typed in the password it worked just fine!