Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

java.security.UnrecoverableKeyException: Cannot recover key

SA-7996

Summary



Websphere is configured to use your custom Identity Keystore and ABCDefaultKeyStore.jks is causing REST call failures. The error are observed in PegaRULES log file.

Error Messages



[3/20/15 14:59:14:688 EDT] 000000cf stdout Z keyStore is: /opt/bbb/common/certs/ABCDefaultKeyStore.jks
[3/20/15 14:59:14:689 EDT] 000000cf stdout Z keyStore type is: jks
[3/20/15 14:59:14:689 EDT] 000000cf stdout Z keyStore provider is:
[3/20/15 14:59:14:689 EDT] 000000cf stdout Z init keystore
[3/20/15 14:59:14:690 EDT] 00000082 stdout Z 2015-03-20 14:59:14,690 [ WebContainer : 1] [ STANDARD] [IssuerPEGA:01.01.01] (ector.Rule_Connect_REST.Action) ERROR dev.disputes.infoftps.com N13589A - java.lang.IllegalStateException: Failure initializing default SSL context

[3/20/15 14:59:14:691 EDT] 00000082 stdout Z 2015-03-20 14:59:14,690 [ WebContainer : 1] [ STANDARD] [IssuerPEGA:01.01.01] (ector.Rule_Connect_REST.Action) ERROR dev.disputes.infoftps.com N13589A - Caught unhandled exception: java.lang.IllegalStateException: Failure initializing default SSL context
java.lang.IllegalStateException: Failure initializing default SSL context
at com.pega.apache.http.conn.ssl.SSLSocketFactory.createDefaultSSLContext(SSLSocketFactory.java:212)
at com.pega.apache.http.conn.ssl.SSLSocketFactory.<init>(SSLSocketFactory.java:334)
at com.pega.apache.http.conn.ssl.SSLSocketFactory.getSocketFactory(SSLSocketFactory.java:165)
at com.pega.apache.http.impl.conn.SchemeRegistryFactory.createDefault(SchemeRegistryFactory.java:46)
at com.pega.apache.http.impl.client.AbstractHttpClient.createClientConnectionManager(AbstractHttpClient.java:294)
at com.pega.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:445)
at com.pega.apache.http.impl.client.AbstractHttpClient.createHttpContext(AbstractHttpClient.java:276)
at com.pega.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:797)
at com.pega.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at com.pegarules.generated.activity.ra_action_pyinvokerestconnector_df52818cef8298fb6efc6d2a51806775.step5_circum0(ra_action_pyinvokerestconnector_df52818cef8298fb6efc6d2a51806775.java:1144)
...Caused by:
java.security.UnrecoverableKeyException: Cannot recover key
at com.ibm.crypto.provider.s.recover(Unknown Source)
at com.ibm.crypto.provider.JavaKeyStore.engineGetKey(Unknown Source)
at java.security.KeyStore.getKey(KeyStore.java:803)
at com.ibm.jsse2.uc.<init>(uc.java:2)
at com.ibm.jsse2.cc$a_.engineInit(cc$a_.java:15)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:16)
at com.pega.apache.http.conn.ssl.SSLSocketFactory.createSSLContext(SSLSocketFactory.java:187)
at com.pega.apache.http.conn.ssl.SSLSocketFactory.createDefaultSSLContext(SSLSocketFactory.java:210)


Steps to Reproduce



Not Applicable

Root Cause



The root cause of this problem is defect/misconfiguration in the PRPC operating environment. The private key password is incorrect inside the keystore.

Resolution



Update the keystore with correct private key password and restart the JVM.

Published January 31, 2016 - Updated October 8, 2020

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us