Cannot recover key during enable tls for cloudera manager admin console


Contributor

Hi, I have met an issue while enabling TLS for the Cloudera Manager admin console. Check the error below:

 

2018-07-22 05:39:09,327 INFO WebServerImpl:com.cloudera.server.web.cmf.AggregatorController: AggregateSummaryScheduler started.
2018-07-22 05:39:10,129 INFO WebServerImpl:org.mortbay.log: jetty-6.1.26.cloudera.4
2018-07-22 05:39:10,132 WARN WebServerImpl:org.mortbay.log: failed SslSelectChannelConnector@0.0.0.0:7183: java.security.UnrecoverableKeyException: Cannot recover key
2018-07-22 05:39:10,133 INFO WebServerImpl:org.mortbay.log: Started SelectChannelConnector@0.0.0.0:7180
2018-07-22 05:39:10,133 WARN WebServerImpl:org.mortbay.log: failed Server@594a1de5: java.security.UnrecoverableKeyException: Cannot recover key
2018-07-22 05:39:10,133 ERROR WebServerImpl:com.cloudera.server.cmf.WebServerImpl: Jetty server failed.  Quitting.
java.security.UnrecoverableKeyException: Cannot recover key
        at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
        at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146)
        at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
        at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
        at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
        at java.security.KeyStore.getKey(KeyStore.java:1023)
        at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133)
        at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
        at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
        at org.mortbay.jetty.security.SslSelectChannelConnector.createSSLContext(SslSelectChannelConnector.java:651)
        at org.mortbay.jetty.security.SslSelectChannelConnector.doStart(SslSelectChannelConnector.java:613)
        at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
        at org.mortbay.jetty.Server.doStart(Server.java:235)
        at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
        at com.cloudera.server.cmf.WebServerImpl.run(WebServerImpl.java:352)

 

 

Now the Cloudera Manager server could not start on either 7183 or 7180. Can anyone help me work around the issue?


Re: Cannot recover key during enable tls for cloudera manager admin console

Super Guru

@jjiang,

 

The last time I recall this happening, I think it was caused by the keystore and key passwords being different in the JKS file you specified for the "Cloudera Manager TLS/SSL Server JKS Keystore File Location" configuration in Cloudera Manager. Cloudera Manager assumes the -storepasswd and -keypasswd passwords are the same, so you need to make sure they also are the same in the Keystore file.

 

To do so, you can use the "keytool" Java utility to change the passwords and make sure they match what you entered into the "Cloudera Manager TLS/SSL Server JKS Keystore File Password" configuration of Cloudera Manager.

 

I'm not certain that the password mismatch is the cause, but it would be good to verify that the passwords do match.
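A way to run the check the reply suggests, as an added example that is not part of the original thread or of Cloudera's tooling: it tests whether a key entry opens with the keystore password and, if not, aligns the two with `keytool -keypasswd`. The function names, alias, passwords and throwaway keystore are constructed for illustration.

```shell
#!/bin/sh
# Added example. All passwords, the alias and the keystore are constructed demo
# values. Passwords given as arguments show up in the process list; on a shared
# host run the same keytool commands without them and answer the prompts.

# Return 0 if the private key under ALIAS opens with the keystore password.
# -certreq must read the private key, so it fails with "Cannot recover key"
# when the key password differs. It also fails on a wrong store password or a
# missing alias. The generated CSR is discarded.
key_pass_matches() {  # usage: key_pass_matches KEYSTORE STOREPASS ALIAS
    keytool -certreq -alias "$3" -keystore "$1" \
        -storepass "$2" -keypass "$2" >/dev/null 2>&1
}

# Change the key password of ALIAS so it equals the keystore password (JKS).
align_key_pass() {  # usage: align_key_pass KEYSTORE STOREPASS ALIAS OLD_KEYPASS
    keytool -keypasswd -alias "$3" -keystore "$1" \
        -storepass "$2" -keypass "$4" -new "$2" >/dev/null 2>&1
}

# Build a throwaway JKS whose key password differs from its store password,
# which reproduces the condition described in the reply.
make_mismatched_keystore() {  # usage: ... KEYSTORE STOREPASS KEYPASS ALIAS
    keytool -genkeypair -alias "$4" -keyalg RSA -keysize 2048 \
        -dname "CN=cm.example.com" -validity 30 -storetype JKS \
        -keystore "$1" -storepass "$2" -keypass "$3" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    ks="$dir/demo.jks"
    make_mismatched_keystore "$ks" storepw123 keypw456 cmhost || return 1
    key_pass_matches "$ks" storepw123 cmhost || echo "mismatch: key password differs"
    align_key_pass "$ks" storepw123 cmhost keypw456 || return 1
    key_pass_matches "$ks" storepw123 cmhost && echo "fixed: passwords match"
    rm -rf "$dir"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Work on a copy of the real keystore, and use the password configured in "Cloudera Manager TLS/SSL Server JKS Keystore File Password" as the store password.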

 

 
