Fix for Cannot recover key error in JAVA

This is how i fixed Cannot recover key error in JAVA while i was setting up an SSL configuration for one of the Application Servers. Following is the part of the exception that i noted in the error log of my app,I couldn't start
my tomcat and jboss servers because of the below error.

ERROR - Could not start server:java.security.UnrecoverableKeyException: Cannot recover key
java.io.IOException: !JsseListener: java.security.UnrecoverableKeyException: Cannot recover key
at org.mortbay.jetty.security.SslSocketConnector.newServerSocket(SslSocketConnector.java:516)
at org.mortbay.jetty.bio.SocketConnector.open(SocketConnector.java:73)
at org.mortbay.jetty.AbstractConnector.doStart(AbstractConnector.java:283)
at org.mortbay.jetty.bio.SocketConnector.doStart(SocketConnector.java:147)
at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)

I see there are lot of post in google, but hard to find the exact solution, here it goes.

What causes this SSL error?

The answer is simple, the passwords of the Certificate Key and the generated keystore are different, they cannot be different and they should be same.If your certificate cer/crt/pfx key has a password called hpanswers then
your generated keystore file should also have a similar password called hpanswers, it cannot be different, so both the certificate key and the jks keystore file should have the same password.

You either need to regenerate the keystore with the same password as certificate key or change the password for both..Set the key password to be the same as keystore password, using the below java keytool command

The below is an example , here the certificate key password is oldpass and the key password is hpanswers, we are now changing they certificate key password to hpanswers

$ keytool -keypasswd -keystore test.jks -alias ssltest
Enter keystore password: hpanswers
Enter key password for ssltesr: oldpass

New key password for ssltest: hpanswers

Re-enter new key password for : hpanswers

Following is some useful information i noted while i was solving this posted on globalsign

How to Fix "Cannot Recover Key" Error

The error “java.security.UnrecoverableKeyException: Cannot recover key” occurs when the keystore and keyEntry passwords are different. To resolve this issue, you must remove all traces of the past certificate and request the file.

You must generate a new keystore, keyEntry and CSR. You must also specify the same password for the keystore and the keyEntry.

Useful References to understand this issue better.

java.io.IOException: Cannot recover key
Cannot recover
key tomcat
Fish Eye Server Error

Posted by Ans
Pri at Saturday,
November 22, 2014

转载：http://blog.csdn.net/lvron/article/details/7421548

Android开发中，用数字证书签名打包时

第一步： 输入keystore密码 通过

第二步：输入alias密码 不通过时 便会报这个错。

java.security.UnrecoverableKeyException: Cannot recover key

This exception may result from the fact that you had provided a key password that was different from the keystore password

此错误由调用getKey（alias,aliaspassword）函数抛出。