Nexus does not start with my new SSL keystore.jks

qoefvg9y  posted on 2023-06-23  in  Other

I have created a new SSL certificate for my Nexus 2 server. When I start it, the application fails with the message

java.security.UnrecoverableKeyException: Cannot recover key

Below is the log from when I try to start the wrapper.

jvm 1    | 2023-06-13 18:25:02,127+0200 ERROR [WrapperListener_start_runner] *SYSTEM org.sonatype.nexus.bootstrap.jsw.JswLauncher - Failed to start
jvm 1    | java.security.UnrecoverableKeyException: Cannot recover key
jvm 1    |      at sun.security.provider.KeyProtector.recover(KeyProtector.java:328) ~[na:1.8.0_101]
jvm 1    |      at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146) ~[na:1.8.0_101]
jvm 1    |      at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56) ~[na:1.8.0_101]
jvm 1    |      at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96) ~[na:1.8.0_101]
jvm 1    |      at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70) ~[na:1.8.0_101]
jvm 1    |      at java.security.KeyStore.getKey(KeyStore.java:1023) ~[na:1.8.0_101]
jvm 1    |      at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133) ~[na:1.8.0_101]
jvm 1    |      at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70) ~[na:1.8.0_101]
jvm 1    |      at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256) ~[na:1.8.0_101]
jvm 1    |      at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1080) ~[jetty-util-8.1.16.v20140903.jar:8.1.16.v20140903]
jvm 1    |      at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:291) ~[jetty-util-8.1.16.v20140903.jar:8.1.16.v20140903]
jvm 1    |      at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) ~[jetty-util-8.1.16.v20140903.jar:8.1.16.v20140903]
jvm 1    |      at org.eclipse.jetty.server.ssl.SslSelectChannelConnector.doStart(SslSelectChannelConnector.java:612) ~[jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
jvm 1    |      at org.sonatype.nexus.bootstrap.jetty.InstrumentedSslSelectChannelConnector.doStart(InstrumentedSslSelectChannelConnector.java:91) ~[nexus-bootstrap-2.14.4-03.jar:2.14.4-03]
jvm 1    |      at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) ~[jetty-util-8.1.16.v20140903.jar:8.1.16.v20140903]
jvm 1    |      at org.eclipse.jetty.server.Server.doStart(Server.java:293) ~[jetty-server-8.1.16.v20140903.jar:8.1.16.v20140903]
jvm 1    |      at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) ~[jetty-util-8.1.16.v20140903.jar:8.1.16.v20140903]
jvm 1    |      at org.sonatype.nexus.bootstrap.jetty.JettyServer$JettyMainThread.run(JettyServer.java:247) ~[nexus-bootstrap-2.14.4-03.jar:2.14.4-03]

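With the old keystore.jks, the server starts without any problem. When I check the password used to access the keystore.jks, I have no issue.
Both of these commands use the same password.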

keytool -list -v -keystore keystore.jks.old
keytool -list -v -keystore keystore.jks.new

The CN used in both keystores is the same. There must be something wrong with the new keystore.jks, but I don't know what. Is there a way to solve this?

yx2lnoni  #1

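As dave explained, the problem comes from the pkcs12 being encrypted with another password. My keytool -list command did not check that password, which is why I could not tell the difference between the old and new keystore.jks.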
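
The check the answer describes, as an added example that is not part of the original post: `keytool -list` only verifies the keystore password, while the startup path in the stack trace calls `KeyStore.getKey` on the key entry, so this program makes the same call for every key entry with the password you enter. The class name `KeyPasswordCheck` and its prompts are assumptions of this example.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added example (hypothetical class name): reports key entries that cannot be
// recovered with the supplied key password, which "keytool -list" never tests.
public class KeyPasswordCheck {

    // Returns the aliases of key entries that keyPass cannot decrypt.
    static List<String> unrecoverable(KeyStore ks, char[] keyPass) throws Exception {
        List<String> bad = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;    // trusted-cert entries hold no key
            try {
                ks.getKey(alias, keyPass);          // the call that fails in the trace
            } catch (UnrecoverableKeyException e) {
                bad.add(alias);
            }
        }
        return bad;
    }

    // Usage: java KeyPasswordCheck keystore.jks.new
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (from a terminal): KeyPasswordCheck <keystore>");
            System.exit(2);
        }
        // Prompt instead of taking passwords from argv, where other users could see them.
        char[] storePass = console.readPassword("Keystore password: ");
        char[] keyPass = console.readPassword("Key password (empty = same): ");
        if (keyPass == null || keyPass.length == 0) keyPass = storePass;

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);                 // a wrong store password fails here
        }
        List<String> bad = unrecoverable(ks, keyPass);
        for (String alias : bad) System.out.println("cannot recover key: " + alias);
        System.out.println(bad.isEmpty() ? "all key entries recoverable" : "key password mismatch");
        System.exit(bad.isEmpty() ? 0 : 1);
    }
}
```

Run against both keystore.jks.old and keystore.jks.new with the same passwords; an alias listed as unrecoverable was stored under a different key password than the one entered.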
