Posted by ErmanArslansOracleBlog on Aug 06, 2015; 8:21pm
URL: http://erman-arslan-s-oracle-forum.124.s1.nabble.com/java-certificates-jarsigner-unable-to-recover-key-from-keystore-tp399p408.html

Did you see my last update regarding "unable to recover key from keystore" ?

Also,

If you are using your private Root CA to sign jar files, then add the new Root CA to java cacerts
Otherwise, when running  jarsigner -verify -verbose -certs  on a signed jar file, you might see an error due to trust anchors not available in certificate chain
   [CertPath not validated: Path does not chain with any of the trust anchor