Press "Enter" to skip to content

apache-Tomcat error on starting after changing the SSL Key / Keystore

apache-Tomcat error on starting after changing the SSL Key / Keystore

The keystore and SSL key must be the same as listed in ~/conf/server.xml

SEVERE: Error starting endpoint
java.io.IOException: Cannot recover key

at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:527)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203)
at org.apache.catalina.connector.Connector.start(Connector.java:1095)
at org.apache.catalina.core.StandardService.start(StandardService.java:540)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)

Solution:

Fix via keytool on with passords on the command line, interactive passwd changing via CLI generates an error saying they must be different. 

keytool -keypasswd -alias your_alias -keypass old_passwd -new new_passwd -keystore ./keystore