Ahh, running the SFS2X script was something I had clean forgot to do!
This problem is now solved. See below for infoRunning the script-file gave us something interesting;
SEVERE: Failed to initialize component [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1049)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:556)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1042)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
at com.smartfoxserver.v2.http.TomcatServer.start(TomcatServer.java:43)
at com.smartfoxserver.v2.SmartFoxServer$1.run(SmartFoxServer.java:324)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.lang.IllegalArgumentException: Cannot recover key
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:231)
at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1213)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1226)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:603)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:80)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1046)
... 16 more
Caused by: java.security.UnrecoverableKeyException: Cannot recover key
at java.base/sun.security.provider.KeyProtector.recover(KeyProtector.java:304)
at java.base/sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:144)
at java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:90)
at java.base/java.security.KeyStore.getKey(KeyStore.java:1057)
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:352)
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:245)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
... 23 more
Which I am guessing is some kind of inability to read the SSL file.
To answer your nginx question, yes, I simply ran it under my local user account (didn't even bother starting it as a service)
However, there may be a key difference here, that I used the raw files (cer/key) to load SSL in nginx, and the JKS for SFS. I generated the JKS file using the keytool in JDK 11 (11.0.16 via apt install)
Given the message I got above, I went ahead and re-generated the JKS file again and got the same problem. I've checked the clock and timezone settings, and they all seem to match.
As a "hail mary" I decided to generate the JKS on the sister machine (as this meant installing the JDK on it), using the Eclipse Adoptium JDK (11.0.16.1+1), which appears to have solved the problem. Generating the key on the primary machine, again broke it (performed to check repeatability). I have installed EA JDK on the primary machine, and now this too works correctly.
I have re-installed the package manager version of JDK 11.0.16 and
it no longer fails. So, I'm going to guess there was a problem with the JDK installation.
Thanks for the assist.