Enabling SSL for MQSeries Adapter Causes java.security.UnrecoverableKeyException

(Doc ID 1210425.1)

Last updated on NOVEMBER 19, 2016

Applies to:

Oracle SOA Platform - Version: and later   [Release: 11gR1 and later ]
Information in this document applies to any platform.


You configure the MQ Series Adapter and it works as expected.
When you enable the MQ Series Adapter for SSL, the following error occurs.

at oracle.integration.platform.blocks.adapter.fw.jca.cci.JCAConnectionManager$JCAConnectionPool.createJCAConnection(JCAConnectionManager.java:1335)
... 59 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38)
at java.security.KeyStore.getKey(KeyStore.java:763)
at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:113)
at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239)
at oracle.tip.adapter.mq.ManagedConnectionImpl.setupSSLSocketFactory(ManagedConnectionImpl.java:670)

1) Create a private key with a blank password field so that it inherits the keystore password.
2) Import the private key into the DemoIdentity store.
3) Create a certificate request.
4) Import the response into the keystore.
5) Import CA certificate into DemoTrust.jks.

Even after specifically changing the private key password to match the keystore password, the error still occurs.


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms