[Portugal] Erro ao iniciar o Geoserver - keystore

Jorge Penedo jorge.penedo gmail.com
Quarta-Feira, 28 de Setembro de 2022 - 06:48:16 PDT 

Olá boa tarde.

Estou a tentar configurar um servidor geoserver 2.20.5 com o módulo ssl
de forma a usar o protocolo https.

A instalação está a correr sobre windows e o servirod do geoserver é o jetty

Como a instituição para a qual trabalho já tem um certificado  pfx recorri
ao comando

keytool -importkeystore -srckeystore m:\certs\mycert.pt.pfx -srcstoretype
pkcs12 -destkeystore m:\certs\keystore -deststoretype JKS

Para a gerar o keystore do geoserver, que coloquei na diretoria \etc
A password a usar foi sempre a mesma.

Para obter a password em OBF recorri ao comando

java -cp jetty-util-9.4.36.v20210114.jar
org.eclipse.jetty.util.security.Password mypassword

( nota a verão do jetty foi aferida)

Posteriormente fiz as alterações necessárias aos ficheiros start.ini e ao
jetty-ssl-context.xml

Como foi fazer o start ao serviço, obtenho as seguintes m,ensagens no
ficheiro de logs, e o serviço para.

2022-09-23 11:18:14.395:INFO:oejsh.ContextHandler:main: Started
o.e.j.w.WebAppContext  33f88ab{GeoServer,/geoserver,file:///C:/Program%20Files/GeoServer/webapps/geoserver/,AVAILABLE}{C:\Program
Files\GeoServer\webapps\geoserver}
2022-09-23 11:18:14.426:INFO:oejs.AbstractConnector:main: Started
ServerConnector  2771e501{HTTP/1.1, (http/1.1)}{0.0.0.0:8080}
2022-09-23 11:18:14.426:INFO:oejus.SslContextFactory:main: x509=X509  2140582
(1,h=[sines.pt],w=[sines.pt]) for Server  2640f5ea
[provider=null,keyStore=file:///C:/Program%20Files/GeoServer/etc/keystore,trustStore=file:///C:/Program%20Files/GeoServer/etc/keystore]
2022-09-23 11:18:14.426:WARN:oejx.XmlConfiguration:main:
java.security.PrivilegedActionException:
java.security.UnrecoverableKeyException: Cannot recover key
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1857)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.eclipse.jetty.start.Main.invokeMain(Main.java:218)
at org.eclipse.jetty.start.Main.start(Main.java:491)
at org.eclipse.jetty.start.Main.main(Main.java:77)
Caused by:
java.security.UnrecoverableKeyException: Cannot recover key
at sun.security.provider.KeyProtector.recover(Unknown Source)
at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(Unknown Source)
at sun.security.provider.KeyStoreDelegator.engineGetKey(Unknown Source)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(Unknown
Source)
at java.security.KeyStore.getKey(Unknown Source)
at sun.security.ssl.SunX509KeyManagerImpl.<init>(Unknown Source)
at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(Unknown Source)
at javax.net.ssl.KeyManagerFactory.init(Unknown Source)
at
org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1243)
at
org.eclipse.jetty.util.ssl.SslContextFactory$Server.getKeyManagers(SslContextFactory.java:2267)
at
org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:372)
at
org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:243)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
at
org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
at
org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:321)
at
org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
at
org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.server.Server.doStart(Server.java:401)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at
org.eclipse.jetty.xml.XmlConfiguration.lambda$main$3(XmlConfiguration.java:1907)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1857)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.eclipse.jetty.start.Main.invokeMain(Main.java:218)
at org.eclipse.jetty.start.Main.start(Main.java:491)
at org.eclipse.jetty.start.Main.main(Main.java:77)

Alguém sabe o porquê, e como solucionar?


-- 
Jorge Manuel Ramos Penedo
-------------- próxima parte ----------
Um anexo em HTML foi limpo...
URL: <http://lists.osgeo.org/pipermail/portugal/attachments/20220928/a88dc154/attachment.htm>

Mais informações acerca da lista Portugal