Hi Stefan,

Please post your configuration of graylog2-web-interface. Which version of the web interface are you using?

Cheers,
Jochen

On Friday, 5 September 2014 11:00:12 UTC+2, Stefan Zahnd wrote:
>
> Hi
>
> I try to create a keytool from an existing certificate and private key
> created with openssl. I can create the keystore and start the web gui with
> https support. When I try to browse the site I get a "Cannot recover key"
> error on the console.
>
> Play server process ID is 7262
> [debug] application - Loading timeout value into cache from configuration for key DEFAULT: Not configured, falling back to default.
> [debug] application - Loading timeout value into cache from configuration for key node_refresh: Not configured, falling back to default.
> [info] play - Application started (Prod)
> [info] play - Listening for HTTP on /0:0:0:0:0:0:0:0:9000
> [info] play - Listening for HTTPS on port /0:0:0:0:0:0:0:0:443
> [error] play - Error loading HTTPS keystore from keystore.jks
> java.security.UnrecoverableKeyException: Cannot recover key
>     at sun.security.provider.KeyProtector.recover(KeyProtector.java:328) ~[na:1.7.0_65]
>     at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:138) ~[na:1.7.0_65]
>     at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55) ~[na:1.7.0_65]
>     at java.security.KeyStore.getKey(KeyStore.java:792) ~[na:1.7.0_65]
>     at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:131) ~[na:1.7.0_65]
>     at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:68) ~[na:1.7.0_65]
> [error] p.nettyException - Exception caught in Netty
>
> I tried the following to create the keystore
>
> 1. Convert OpenSSL Certificates to Java Keytool
>
> openssl pkcs12 -export -nodes -in servercert.pem -inkey serverkey.key -out server.p12
>
> 2. Import PKCS12 into Keytool
>
> keytool -importkeystore -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass <pass-p12> -destkeystore keystore.jks -deststoretype JKS
>
> The output of the PKCS12 verification is as follows
> MAC Iteration 2048
> MAC verified OK
> PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
> Certificate bag
> Bag Attributes
>     localKeyID: 05 0E 22 2D A5 94 68 A7 E8 19 C9 38 CF EB 18 6A 29 AA 15 4A
> subject=/C=CH/ST=Bern/L=Bern/O=Universitaet Bern/OU=Informatikdienste/CN=idlogger.unibe.ch
> issuer=/C=BM/O=QuoVadis Limited/CN=QuoVadis Global SSL ICA G2
> -----BEGIN CERTIFICATE-----
> ...
> -----END CERTIFICATE-----
> Certificate bag
> Bag Attributes: <No Attributes>
> subject=/C=BM/O=QuoVadis Limited/CN=QuoVadis Global SSL ICA G2
> issuer=/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
> -----BEGIN CERTIFICATE-----
> ....
> -----END CERTIFICATE-----
> PKCS7 Data
> Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
> Bag Attributes
>     localKeyID: 05 0E 22 2D A5 94 68 A7 E8 19 C9 38 CF EB 18 6A 29 AA 15 4A
> Key Attributes: <No Attributes>
> Enter PEM pass phrase:
> Verifying - Enter PEM pass phrase:
> -----BEGIN ENCRYPTED PRIVATE KEY-----
> ....
> -----END ENCRYPTED PRIVATE KEY-----
>
> The Keytool verification says
> Keystore-Typ: JKS
> Keystore-Provider: SUN
>
> Keystore contains 1 entry
>
> 1, 05.09.2014, PrivateKeyEntry,
> Zertifikat-Fingerprint (SHA1): 05:0E:22:2D:A5:94:68:A7:E8:19:C9:38:CF:EB:18:6A:29:AA:15:4A
>
> The passwords are all the same (within the keystore).
>
> If somebody has an idea what else I could try I would be really happy and
> thankful :)!
>
> Kind regards
>
