Trying to update custom-keystore.jks with a new certificate as old certificate got expired. When we try to restart the NAC, we encounter below error in several logs

Aug 08, 2019 10:52:27 AM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector

INFO: Using a shared selector for servlet write/read

Aug 08, 2019 10:52:27 AM org.apache.coyote.AbstractProtocol init

INFO: Initializing ProtocolHandler ["http-nio-8443"]

Aug 08, 2019 10:52:28 AM org.apache.coyote.AbstractProtocol init

SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-nio-8443"]

java.security.UnrecoverableKeyException: Cannot recover key

at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)

Release : 6.4, 6.5,6.6 or higher

Component : CA RELEASE AUTOMATION RELEASE OPERATIONS CENTER

The certificate key has a password that is different than keystore password. Normally the key password isn't set and it defaults to the keystore password. 

The most recommended solution for this is to set the key password to be the same as keystore password.

Example command for same is

$ keytool -keypasswd -keystore <PATH TO KEYSTORE> -alias <ALIAS NAME>