Folks,
I'm nearly embarrassed having to ask this but I'm having issues starting
up the Management Interface in the embedded Tomcat scenario.
The error is technically obvious:
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe
contents entry: javax.crypto.BadPaddingException: Given final block not
properly padded. Such issues can arise if a bad key is used during decryption.
Environment is:
CAS Version: 6.1.0-RC4
CAS Commit Id: caabdd579ab6190a896de03ceeeb1b26d0bab81a
CAS Build Date/Time: 2020-08-12T16:06:56.197Z
Spring Boot Version: 2.2.0.M3
Spring Version: 5.2.0.M2
Java Home: /Library/Java/JavaVirtualMachines/jdk-11.0.7.jdk/Contents/Home
Java Vendor: Oracle Corporation
Java Version: 11.0.7
JVM Free Memory: 240 MB
JVM Maximum Memory: 2 GB
JVM Total Memory: 378 MB
JCE Installed: Yes
OS Architecture: x86_64
OS Name: Mac OS X
OS Version: 10.15.5
Now this isn't my first rodeo ride with certificates so here is what
I've done so far trying to solve this.
* Confirmed the the management.properties file being picked up by the
run-time is correct (put in incorrect directive and it complained).
* Confirmed Syntax for the Certificate Directives via examples and the
CAS interactive Shell.
management.server.ssl.key-store: file:/Users/colinr/DevTree/devkeystore.jks
management.server.ssl.key-store-password: <password>
It should be noted that the keystore is of type PKCS12 and it's the
exact same keystore as being used by my standalone Tomcat 9.0.26
environment that CAS itself runs on successfully. Said tomcat
environment is started by the same users that runs the embedded one.
* I've opened up permissions to the file totally.
* I'm able to "keytool -list" the certificate in this keystore directly
via "keytool" and responds properly to the correct and incorrect
keystore password.
* I'm able to view details of certificate via keytool
* Certificate alias is tomcat
* Certificate is NOT expired.
* Certificate is loaded in the the Java's truststore via the InstallCert
tool.
* I tried generating a new keystore via "keytool -genkeypair -alias
tomcat -keyalg RSA -keysize 2048 -keystore managementkeystore.jks
-validity 3650 -storepass testadmin" same result.
* keytool and activated Java environment for the run time is from the
same distribution.
* I've run the overlay before like this without issues, however that was
6.0.2-SNAPSHOT on 10.15.4.
Frankly I'm totally stumped but expect the issue to be an embarrassingly
obvious one.
Cheers
Colin
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/71606001-1c08-d1a9-962d-4f725e8dd42a%40caveo.ca.
