Problem with my own LetsEncrypt certificate
-
Hi all
Tried to run MyController with my custom LetsEncrypt certificate. To achieve this, I followed the hints in this post:
How to enable a SSL certificate?
Creating the keystore.jks file worked as expected. But when I try to run MyController, I get an error.
It seems that my keystore format is not known by MyController.
Here's the stack trace of the error:
SSLsocket creation: java.security.UnrecoverableKeyException: Cannot recover key
java.security.UnrecoverableKeyException: Cannot recover key
    at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
    at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146)
    at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
    at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
    at java.security.KeyStore.getKey(KeyStore.java:1023)
    at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133)
    at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
    at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
    at Acme.Serve.SSLAcceptor.init(SSLAcceptor.java:200)
    at Acme.Serve.Serve.createAcceptor(Serve.java:912)
    at Acme.Serve.Serve.init(Serve.java:769)
    at Acme.Serve.Serve.runInBackground(Serve.java:649)
    at org.jboss.resteasy.plugins.server.tjws.TJWSServletServer.start(TJWSServletServer.java:179)
    at org.jboss.resteasy.plugins.server.tjws.TJWSEmbeddedJaxrsServer.start(TJWSEmbeddedJaxrsServer.java:58)
    at org.mycontroller.standalone.StartApp.startHTTPWebServer(StartApp.java:213)
    at org.mycontroller.standalone.StartApp.startServices(StartApp.java:300)
    at org.mycontroller.standalone.StartApp.startMycontroller(StartApp.java:112)
    at org.mycontroller.standalone.StartApp.main(StartApp.java:98)
2018-03-12 22:07:51,816 ERROR [main] [org.mycontroller.standalone.StartApp:100] Unable to start application, refer error log,
java.lang.RuntimeException: java.io.IOException: java.security.UnrecoverableKeyException: Cannot recover key
    at Acme.Serve.Serve.runInBackground(Serve.java:653)
    at org.jboss.resteasy.plugins.server.tjws.TJWSServletServer.start(TJWSServletServer.java:179)
    at org.jboss.resteasy.plugins.server.tjws.TJWSEmbeddedJaxrsServer.start(TJWSEmbeddedJaxrsServer.java:58)
    at org.mycontroller.standalone.StartApp.startHTTPWebServer(StartApp.java:213)
    at org.mycontroller.standalone.StartApp.startServices(StartApp.java:300)
    at org.mycontroller.standalone.StartApp.startMycontroller(StartApp.java:112)
    at org.mycontroller.standalone.StartApp.main(StartApp.java:98)
Caused by: java.io.IOException: java.security.UnrecoverableKeyException: Cannot recover key
    at Acme.Serve.SSLAcceptor.init(SSLAcceptor.java:213)
    at Acme.Serve.Serve.createAcceptor(Serve.java:912)
    at Acme.Serve.Serve.init(Serve.java:769)
    at Acme.Serve.Serve.runInBackground(Serve.java:649)
    ... 6 common frames omitted
The keystore.jks file is present. When I go back to the original keystore.jks file from github and change back the password in mycontroller.properties to mycontroller, MyController runs as expected.
I used different passwords for exporting the key to keystore.p12 (source keystore) and importing the key to keystore.jks (destination keystore).
Any hint on that problem?
Cheers
TheRaspyDev -
Can you check your certification keys as follows in your mycontroller.properties file?
mcc.web.enable.https=true
mcc.web.ssl.keystore.file=
mcc.web.ssl.keystore.password=
mcc.web.ssl.keystore.type=JKS
Meantime I will try this locally and update you.
-
Thanks for your fast answer and your assistance.
I only changed the password for the keystore. The other settings are default.
I created my own keystore.jks file from the LetsEncrypt certificate and replaced the original keystore with the self-signed certificate.
mcc.web.enable.https=true
mcc.web.ssl.keystore.file=../conf/keystore.jks
mcc.web.ssl.keystore.password=*mysupersecretpassword*
mcc.web.ssl.keystore.type=JKS
After replacing my keystore.jks with the original file from github and setting the password to "mycontroller", https works as expected.
-
That is interesting news...... Any chance you might like to do a 'step-by-step' how to on this for us dimwits?
Skywatch