Fisheye/Crucible fails to start with SSL - Cannot recover key

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Symptoms

Fisheye/Crucible couldn't start up with the following error in the atlassian-fisheye-<date>.log:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 2013-09-04 12:29:39,792 ERROR - Could not start server: !JsseListener: java.security.UnrecoverableKeyException: Cannot recover key java.io.IOException: !JsseListener: java.security.UnrecoverableKeyException: Cannot recover key at org.mortbay.jetty.security.SslSocketConnector.newServerSocket(SslSocketConnector.java:516) at org.mortbay.jetty.bio.SocketConnector.open(SocketConnector.java:73) at org.mortbay.jetty.AbstractConnector.doStart(AbstractConnector.java:283) at org.mortbay.jetty.bio.SocketConnector.doStart(SocketConnector.java:147) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at org.mortbay.jetty.Server.doStart(Server.java:235) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) at com.cenqua.fisheye.web.WebServer.start(WebServer.java:292) at com.cenqua.fisheye.ctl.Run.mainImpl(Run.java:249) at com.cenqua.fisheye.ctl.Run.main(Run.java:78) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at com.cenqua.fisheye.FishEyeCtl.mainImpl(FishEyeCtl.java:99) at com.cenqua.fisheye.FishEyeCtl.main(FishEyeCtl.java:42)

Cause

The certificate key has a password that is different than keystore password. Normally the key password isn't set and it defaults to the keystore password.

Resolution

Set the key password to be the same as keystore password, e.g.:

1 2 3 4 5 $ keytool -keypasswd -keystore fecru.keystore.kst -alias fisheye Enter keystore password: keystorepass Enter key password for <fisheye>: certkeypass New key password for <fisheye>: keystorepass Re-enter new key password for <fisheye>: keystorepass
Updated on April 8, 2025
Platform
Data Center only
Products
Fisheye Data Center
Crucible Data Center
On this pageSymptomsCauseResolution

Still need help?

The Atlassian Community is here for you.
Ask the Community