[jetty-users] another SSL configuration issue / Cannot recover key

Hi,

I've been following the documentation at
http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html

Running jetty-distribution-9.4.3.v20170317
Java 8

I have an official rapidssl certificate to load into jetty.

Historically I performed the CSR myself with openssl
My private key was generated and tempered with a pass phrase with openssl
Got a certificate back from the CA as a .crt file (pem).

Following the Jetty documentation, I have bundled the cert pem file and
intermediate chain file to a single file using:

cat mycert.crt intermediate.cer > mycert-bundled.crt

intermediate.cer is provided to me by the CA.


openssl pkcs12 -inkey myprivate.key -in mycert-bundled.crt -export -out mycert.pkcs12
Typed my private key password
Typed my export password

Now in my JETTY-BASE, I did :

start.jar --add-to-start=https,ssl

# remove the default keystore
rm etc/keystore

keytool -importkeystore -srckeystore mycert.pkcs12 -srcstoretype PKCS12 -destkeystore etc/keystore

Typed my destination keystore password

I can list the imported entry with :
keytool -list -keystore etc/keystore -storetype jks  -v
(keystore password typed)

Your keystore contains 1 entry

Alias name: 1
Creation date: Apr 6, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
(...)

Typing my keystore password

Altered 1 line in start.ini, uncommented and updated:
jetty.sslContext.keyStorePassword=<my keystore password>

NOTICE: my keystore password is the same as the key pass phrase
mentioned above
NOTICE2 : I tried both clear and OBF password

After starting Jetty I have the following error:

java.security.UnrecoverableKeyException: Cannot recover key

Is there a password madness I would not be aware of?

Thanks,
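
An added example, not part of the original post and not Jetty's own code: a JKS keystore has a store password and a separate password on each key entry, and java.security.UnrecoverableKeyException is what KeyStore.getKey throws when the key-entry password is wrong. The check below assumes the etc/keystore file and JKS type from the steps above (the class name KeyPasswordCheck is hypothetical) and reports whether the keystore password also unlocks each private key.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Added diagnostic, not Jetty code: finds which password unlocks each private
// key entry. Passwords are read from the console so they stay out of the
// process list and the shell history.
public class KeyPasswordCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): java KeyPasswordCheck <keystore>");
            System.exit(2);
        }
        char[] storePass = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS"); // type used in the post's keytool -list
        try (InputStream in = new FileInputStream(args[0])) {
            // A wrong *store* password fails here with an IOException.
            ks.load(in, storePass);
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entries carry no key password
            }
            if (unlocks(ks, alias, storePass)) {
                System.out.println(alias + ": key password equals the keystore password");
                continue;
            }
            System.out.println(alias + ": keystore password does NOT unlock the key");
            // Candidate to try: any other password typed during the procedure.
            char[] candidate = console.readPassword("Candidate key password for '%s': ", alias);
            System.out.println(alias + (unlocks(ks, alias, candidate)
                    ? ": candidate unlocks the key"
                    : ": candidate does not unlock the key either"));
        }
    }

    // getKey throws the exception named in the post when the *key* password is wrong.
    static boolean unlocks(KeyStore ks, String alias, char[] password) throws Exception {
        try {
            return ks.getKey(alias, password) != null;
        } catch (UnrecoverableKeyException e) {
            return false;
        }
    }
}
```

Jetty 9.4's ssl module has a separate jetty.sslContext.keyManagerPassword property for the key-entry password, alongside jetty.sslContext.keyStorePassword.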

