Problem with my own LetsEncrypt certificate



  • Hi all

    Tried to run MyController with my custom LetsEncrypt certificate. To achieve this, I followed the hints in this post:
    How to enable a SSL certificate?

    Creating the keystore.jks file worked as expected. But when I try to run MyController, I get an error.
    It seems that my keystore format is not known by MyController.

    Here's the stack trace of the error:

    SSLsocket creation:  java.security.UnrecoverableKeyException: Cannot recover key
    java.security.UnrecoverableKeyException: Cannot recover key
    	at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
    	at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146)
    	at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
    	at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
    	at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
    	at java.security.KeyStore.getKey(KeyStore.java:1023)
    	at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133)
    	at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
    	at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
    	at Acme.Serve.SSLAcceptor.init(SSLAcceptor.java:200)
    	at Acme.Serve.Serve.createAcceptor(Serve.java:912)
    	at Acme.Serve.Serve.init(Serve.java:769)
    	at Acme.Serve.Serve.runInBackground(Serve.java:649)
    	at org.jboss.resteasy.plugins.server.tjws.TJWSServletServer.start(TJWSServletServer.java:179)
    	at org.jboss.resteasy.plugins.server.tjws.TJWSEmbeddedJaxrsServer.start(TJWSEmbeddedJaxrsServer.java:58)
    	at org.mycontroller.standalone.StartApp.startHTTPWebServer(StartApp.java:213)
    	at org.mycontroller.standalone.StartApp.startServices(StartApp.java:300)
    	at org.mycontroller.standalone.StartApp.startMycontroller(StartApp.java:112)
    	at org.mycontroller.standalone.StartApp.main(StartApp.java:98)
    2018-03-12 22:07:51,816 ERROR [main] [org.mycontroller.standalone.StartApp:100] Unable to start application, refer error log,
    java.lang.RuntimeException: java.io.IOException: java.security.UnrecoverableKeyException: Cannot recover key
    	at Acme.Serve.Serve.runInBackground(Serve.java:653)
    	at org.jboss.resteasy.plugins.server.tjws.TJWSServletServer.start(TJWSServletServer.java:179)
    	at org.jboss.resteasy.plugins.server.tjws.TJWSEmbeddedJaxrsServer.start(TJWSEmbeddedJaxrsServer.java:58)
    	at org.mycontroller.standalone.StartApp.startHTTPWebServer(StartApp.java:213)
    	at org.mycontroller.standalone.StartApp.startServices(StartApp.java:300)
    	at org.mycontroller.standalone.StartApp.startMycontroller(StartApp.java:112)
    	at org.mycontroller.standalone.StartApp.main(StartApp.java:98)
    Caused by: java.io.IOException: java.security.UnrecoverableKeyException: Cannot recover key
    	at Acme.Serve.SSLAcceptor.init(SSLAcceptor.java:213)
    	at Acme.Serve.Serve.createAcceptor(Serve.java:912)
    	at Acme.Serve.Serve.init(Serve.java:769)
    	at Acme.Serve.Serve.runInBackground(Serve.java:649)
    	... 6 common frames omitted
    

    The keystore.jks file is present. When I go back to the original keystore.jks file from GitHub and change back the password in mycontroller.properties to mycontroller, MyController runs as expected.

    I used different passwords for exporting the key to keystore.p12 (source keystore) and importing the key to keystore.jks (destination keystore).

    Any hint on that problem?

    Cheers
    TheRaspyDev
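
The trace above fails in KeyStore.getKey, called from KeyManagerFactory.init, which takes a single password for every private key in the store. The following check is an added example, not code from this thread or from MyController: it loads a keystore and tries to recover each key with the keystore password, on the assumption that the server passes the password from mycontroller.properties as the key password. The class name KeystoreKeyCheck is hypothetical.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Hypothetical diagnostic (added example): exits 0 if every key opens with the store password.
public class KeystoreKeyCheck {

    // Returns how many key entries cannot be recovered with the given password.
    static int countUnrecoverableKeys(KeyStore ks, char[] password) throws Exception {
        int failures = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate-only entry, skipped");
                continue;
            }
            try {
                // Same call that throws in the stack trace: KeyStore.getKey(alias, password).
                ks.getKey(alias, password);
                System.out.println(alias + ": key recovered with the keystore password");
            } catch (UnrecoverableKeyException e) {
                failures++;
                System.out.println(alias + ": " + e.getMessage()
                        + " (key password differs from the keystore password)");
            }
        }
        return failures;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): java KeystoreKeyCheck <keystore-file> <JKS|PKCS12>");
            System.exit(2);
        }
        // Prompt instead of taking the password as an argument, so it stays out of the process list.
        char[] password = console.readPassword("Keystore password: ");
        if (password == null) System.exit(2);
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            // A wrong keystore password fails here with an IOException, before any key is read.
            ks.load(in, password);
        }
        System.exit(countUnrecoverableKeys(ks, password) == 0 ? 0 : 1);
    }
}
```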


  • ADMIN

    @theraspydev

    Can you check your certification keys as follows in your mycontroller.properties file?

    mcc.web.enable.https=true
    mcc.web.ssl.keystore.file=
    mcc.web.ssl.keystore.password=
    mcc.web.ssl.keystore.type=JKS
    

    Meantime I will try this locally and update you.



  • Thanks for your fast answer and your assistance.

    I only changed the password for the keystore. The other settings are default.
    I created my own keystore.jks file from the LetsEncrypt certificate and replaced the original keystore with the self-signed certificate.

    mcc.web.enable.https=true
    mcc.web.ssl.keystore.file=../conf/keystore.jks
    mcc.web.ssl.keystore.password=*mysupersecretpassword*
    mcc.web.ssl.keystore.type=JKS
    

    After replacing my keystore.jks with the original file from GitHub and setting the password to "mycontroller", https works as expected.



  • @TheRaspyDev

    That is interesting news...... Any chance you might like to do a 'step-by-step' how to on this for us dimwits? 😉

    Skywatch


 
