KeyStoreException: There are no private keys in the keystore.

In the course of using client certificates for authentication, I decided to use not-yet-commons-ssl-0.3.11.jar. This led to another problem: the simple act of calling the constructor on EasySSLProtocolSocketFactory or StrictSSLProtocolSocketFactory will throw an exception.

The code, isolated in a simple command-line application:

    public class CertTest {
        public static void main(String[] args) {
            System.setProperty("javax.net.debug", "ssl,handshake"); // SSL DEBUG INFO
            String keystore = "/usr/java/jdk1.6.0_11/jre/lib/security/cacerts";
            String keystorePassword = "changeit";
            System.setProperty("javax.net.ssl.keyStore", keystore);
            System.setProperty("javax.net.ssl.keyStorePassword", keystorePassword);
            // System.setProperty("javax.net.ssl.trustStore", keystore);
            // System.setProperty("javax.net.ssl.trustStorePassword", keystorePassword);
            try {
                org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory factory =
                    new org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory();
            } catch (Exception e) {
                System.out.println(e);
            }
        }
    }

To isolate problems with old libraries, I put the above code in a directory with these jars (these are the ONLY jars in the classpath):

  • httpclient-4.0.1.jar
  • not-yet-commons-ssl-0.3.11.jar
  • commons-httpclient-3.1.jar
  • httpcore-4.0.1.jar

So, with some client certificates in the cacerts keystore, I get: org.apache.commons.ssl.ProbablyBadPasswordException: Probably bad JKS-Key password: java.security.UnrecoverableKeyException: Password must not be null

If I use keytool to remove all client certificates that I downloaded, the exception changes to

Caused by: java.security.KeyStoreException: there are no private keys in the keystore!
    at org.apache.commons.ssl.KeyStoreBuilder.validate(KeyStoreBuilder.java:269)
    at org.apache.commons.ssl.KeyStoreBuilder.build(KeyStoreBuilder.java:129)
    at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:179)
    at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:170)
    at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:160)
    at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:64)
    at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:114)
    at org.apache.commons.ssl.KeyMaterial.<init>(KeyMaterial.java:89)
    at org.apache.commons.ssl.SSL.<init>(SSL.java:142)
    at org.apache.commons.ssl.SSLClient.<init>(SSLClient.java:59)
    at org.apache.commons.ssl.HttpSecureProtocol.<init>(HttpSecureProtocol.java:55)
    at org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory.<init>(EasySSLProtocolSocketFactory.java:94)

Output fragments:

keyStore: /usr/java/jdk1.6.0_11/jre/lib/security/cacerts
keyStore type: jks
KeyStore provider:
init keystore
init keymanager type SunX509
trustStore: /usr/java/jdk1.6.0_11/jre/lib/security/cacerts
Type trustStore: jks
TrustStore Provider:
init truststore
add as a trusted certificate:
Subject: CN = SwissSign Platinum CA - G2, O = SwissSign AG, C = CH
Issuer: CN = SwissSign Platinum CA - G2, O = SwissSign AG, C = CH
Algorithm: RSA; Serial number: 0x4eb200670c035d4f

there is a whole bunch of default certificates ...
initiate SecureRandom sowing
SecureRandom sowing done
@@@@@@@@@@AN EXCEPTION
java.security.KeyStoreException: there are no private keys in the keystore!

Any ideas?

1 answer

java.security.KeyStoreException: there are no private keys in the keystore!

This exception specifically complains about the lack of private keys in the keystore you are trying to load.
In the case of cacerts, which is Java's default trust store, this is true!

But given the code you posted (which means that you really didn't post any code) and the fact that you are not saying anything about the keystore you are trying to load, it is not possible to help you with this.

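A way to check the point made in the answer, as an added example that is not part of the original question or answer: the program below lists which entries in a keystore are private-key entries and which are trusted certificates only. It assumes a JDK 7 or later runtime; with no arguments it inspects the running JDK's own cacerts with the default password quoted in the question, and the class name KeystoreEntryCheck is hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

// Added diagnostic, not from the original post: classify keystore entries.
public class KeystoreEntryCheck {

    // Returns {private-key entries, trusted-certificate entries}.
    static int[] countEntries(KeyStore ks) throws Exception {
        int keys = 0, certs = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                keys++;
                System.out.println("private-key entry: " + alias);
            } else if (ks.isCertificateEntry(alias)) {
                certs++;
            }
        }
        return new int[] { keys, certs };
    }

    public static void main(String[] args) throws Exception {
        // Assumption: default to the running JDK's cacerts and the default
        // password from the question; pass <path> <password> to override.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }

        int[] n = countEntries(ks);
        System.out.println(path + ": " + n[0] + " private-key entries, "
                + n[1] + " trusted-certificate entries");
        if (n[0] == 0) {
            // A store like this can only say whom to trust.
            System.out.println("Trust store only: suitable for javax.net.ssl.trustStore, "
                    + "but it cannot supply a client certificate via javax.net.ssl.keyStore.");
        } else {
            System.out.println("Contains private keys: usable as javax.net.ssl.keyStore.");
        }
    }
}
```

Run against an unmodified cacerts, it reports zero private-key entries, which is the condition the KeyStoreException describes. Client-certificate authentication needs a separate keystore holding the client's private key and certificate chain, with cacerts left as the trust store.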