After having successfully connected to the SIF Test Harness in HTTPS (thank you Andy!) a couple of weeks ago, I am unable to do so now. I started a new test session and am trying to connect to the HTTPS URL indicated on the test page, but I'm getting an ADKTransportException when I do a zone.connect:
Failed to create outgoing socket to https://COMpLIANCe.SIfiNfo.orG:8443/990E1D310D0911DFBE56A40275F5B943;990E1D320D0911DFBE568E56E455EACD?ESCESC*jEkESCHESC0bYJEPfypESCZESCESCX(URESClESCc2'dtyHESC*6TESCAESCt!ESC~fESCESCESCsNoESCOESCESCWrZhOESClpESCESCP6ESCQESCnESC3A7pESCESClESCESC7sESCESC: java.security.UnrecoverableKeyException: Cannot recover key
I can successfully connect via HTTP. The error message indicates the problem has to do with my trusted.ks, although I'm using the same trusted.ks that I successfully connected with last time. But on the chance it got corrupted I deleted it and recreated it but to no avail. Perhaps I didn't recreate it exactly right -- I tried both JKS and PKCS #12 types. I imported the RSA and DSA trusted certificates from the SIF Test Harness site. What am I doing wrong?
Thanks,
Miriam
Miriam,
I haven't seen that error before, but a quick Google search retrieved this information:
The error “java.security.UnrecoverableKeyException: Cannot recover key” occurs when the keystore and keyEntry passwords are different. To resolve this issue, you must remove all traces of the past certificate and request file.
You must generate a new keystore, keyEntry and CSR and specify the same password for the keystore and the keyEntry.
Is it possible that the password for the key entry (the certificate entry inside the truststore) is different from the trust store password?
Andrew ElmhorstChief ArchitectEdustructures
Well I think you are on the right track because (now that you mention it!) I did change my agent.ks and trusted.ks passwords.
I just tried recreating my agent.ks (regenerating the key pair within it) and I'm definitely using the same password for both (which is the same password used for trusted.ks as well). Of course I have no control over the passwords used to created the certs within trusted.ks -- I don't know what they are.
Now I'm receiving a different error:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No X509TrustManager implementation available
Did I do something wrong when creating agent.ks? I left the default options, such as size: 1024, RSA.
I regenerated the keystore files once again and now it seems to be working. Not sure what was different, but I also restarted the Test Harness test so perhaps there was some problem there. So far so good...