> I had thought the default behavior was that the keystore passphrase would
> also be used to unlock the specific key being queried. I had thought that
> because, by convention, most people do that, and I thought the tooling (such
> as the keytool command) reflected that convention... but I could be wrong
> here.
That's my understanding of how Keytool works. However, given the functionality
I'm seeing with Jetty and these JDK libraries, it leads me to assume that this
convention is built into keytool, rather than being some intrinsic in the JDK.
I'm basing this around the assumption that I wouldn't have seen this error if
this _was_ the case. Just realized I forgot to include the error:
```
2018-09-21 14:00:17,659 [component.AbstractLifeCycle] WARN : FAILED
SslContextFactory@fa4e1e0(/Users/jelser/keystore.jks,/Users/jelser/truststore.jks):
java.security.UnrecoverableKeyException: Cannot recover key
java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
at
sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146)
at
sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
at
sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
at
sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
at java.security.KeyStore.getKey(KeyStore.java:1023)
at
sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133)
at
sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
at
org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:904)
at
org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:297)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:125)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:107)
at
org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:64)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:125)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:107)
at
org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:260)
at
org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
at
org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:218)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.eclipse.jetty.server.Server.doStart(Server.java:337)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.apache.accumulo.monitor.EmbeddedWebServer.start(EmbeddedWebServer.java:109)
at org.apache.accumulo.monitor.Monitor.run(Monitor.java:455)
at org.apache.accumulo.monitor.Monitor.main(Monitor.java:418)
at
org.apache.accumulo.monitor.MonitorExecutable.execute(MonitorExecutable.java:33)
at org.apache.accumulo.start.Main$1.run(Main.java:93)
at java.lang.Thread.run(Thread.java:748)
```
[ Full content available at: https://github.com/apache/accumulo/pull/658 ]
This message was relayed via gitbox.apache.org for [email protected]
