Colin, Maybe add your certificate to the java ketstore. https://docs.oracle.com/cd/E54932_01/doc.705/e54936/cssg_create_ssl_cert.htm#CSVSG180
Ray On Mon, 2020-08-24 at 15:25 -0400, Colin Ryan wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Folks, So I've still not managed to move past this. Even even started from scratch. git clone https://github.com/apereo/cas-management-overlay.git git checkout 6.0.x ./build.sh clean ./build.sh run - breaks because it can't seem to find some of the required components for the 6.0.x gradle.properties of 6.0.2-SNAPSHOT So I go fine, old branch, I'll try master. git checkout master ./build.sh clean ./build.sh run gives again the whole dialog below. It cannot open my keystore file. But the keystore file is fine. In fact as mentioned below if I change reference to the file it errors out appropriately, indicating it's consuming the correct configuration. At this point I can't seem to get the Management Interface to function. As you can see also below I even created a new self signed keystore with a basic password thinking that maybe special characters were the issue. Not go, again was working before my development environment blew up. I have a backup of it, but build and run for that can't find components (old branch?). Any idea what stupidity I'm missing. Thanks On 8/12/20 12:43 PM, Colin Ryan wrote: Folks, I'm nearly embarrassed having to ask this but I'm having issues starting up the Management Interface in the embedded Tomcat scenario. The error is technically obvious: Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption. Environment is: CAS Version: 6.1.0-RC4 CAS Commit Id: caabdd579ab6190a896de03ceeeb1b26d0bab81a CAS Build Date/Time: 2020-08-12T16:06:56.197Z Spring Boot Version: 2.2.0.M3 Spring Version: 5.2.0.M2 Java Home: /Library/Java/JavaVirtualMachines/jdk-11.0.7.jdk/Contents/Home Java Vendor: Oracle Corporation Java Version: 11.0.7 JVM Free Memory: 240 MB JVM Maximum Memory: 2 GB JVM Total Memory: 378 MB JCE Installed: Yes OS Architecture: x86_64 OS Name: Mac OS X OS Version: 10.15.5 Now this isn't my first rodeo ride with certificates so here is what I've done so far trying to solve this. * Confirmed the the management.properties file being picked up by the run-time is correct (put in incorrect directive and it complained). * Confirmed Syntax for the Certificate Directives via examples and the CAS interactive Shell. management.server.ssl.key-store: file:/Users/colinr/DevTree/devkeystore.jks management.server.ssl.key-store-password: <password> It should be noted that the keystore is of type PKCS12 and it's the exact same keystore as being used by my standalone Tomcat 9.0.26 environment that CAS itself runs on successfully. Said tomcat environment is started by the same users that runs the embedded one. * I've opened up permissions to the file totally. * I'm able to "keytool -list" the certificate in this keystore directly via "keytool" and responds properly to the correct and incorrect keystore password. * I'm able to view details of certificate via keytool * Certificate alias is tomcat * Certificate is NOT expired. * Certificate is loaded in the the Java's truststore via the InstallCert tool. * I tried generating a new keystore via "keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -keystore managementkeystore.jks -validity 3650 -storepass testadmin" same result. * keytool and activated Java environment for the run time is from the same distribution. * I've run the overlay before like this without issues, however that was 6.0.2-SNAPSHOT on 10.15.4. Frankly I'm totally stumped but expect the issue to be an embarrassingly obvious one. Cheers Colin -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/71606001-1c08-d1a9-962d-4f725e8dd42a%40caveo.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/71606001-1c08-d1a9-962d-4f725e8dd42a%40caveo.ca?utm_medium=email&utm_source=footer>. -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/429341d0d6b1d2f4aad38cc6411e8245df13ab70.camel%40uvic.ca.