Hello,

the relevant error is:
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.

It seems there is something wrong with your keystore.
Are both the private and the public key in the p12 file?
Can you check the contents with keytool?
Alternatively, you can also use pem files; they are more readable than p12.

Greetings, Thomas

> -----Original Message-----
> From: Kevin Huntly <kmhun...@gmail.com>
> Sent: Saturday, 18 March 2023 19:15
> To: users@tomcat.apache.org
> Subject: SSL issue
> 
> Hello Everyone,
> 
> I'm having an issue with my SSL connector:
> 
> <stacktrace>
> 18-Mar-2023 14:12:46.996 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11Nio2Protocol-8443]]
>         org.apache.catalina.LifecycleException: Protocol handler initialization failed
>                 at org.apache.catalina.connector.Connector.initInternal(Connector.java:1014)
>                 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>                 at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
>                 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>                 at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1032)
>                 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>                 at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
>                 at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
>                 at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
>                 at java.base/java.lang.reflect.Method.invoke(Method.java:578)
>                 at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:307)
>                 at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477)
>         Caused by: java.lang.IllegalArgumentException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
>                 at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
>                 at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
>                 at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:146)
>                 at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1302)
>                 at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1315)
>                 at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:652)
>                 at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:75)
>                 at org.apache.catalina.connector.Connector.initInternal(Connector.java:1012)
>                 ... 11 more
>         Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
>                 at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:454)
>                 at java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:91)
>                 at java.base/java.security.KeyStore.getKey(KeyStore.java:1077)
>                 at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:353)
>                 at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:246)
>                 at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
>                 ... 18 more
>         Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
>                 at java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:861)
>                 at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:941)
>                 at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:734)
>                 at java.base/com.sun.crypto.provider.PBES2Core.engineDoFinal(PBES2Core.java:310)
>                 at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2207)
>                 at java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:370)
>                 at java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:257)
>                 at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:361)
>                 ... 23 more
> </stacktrace>
> 
> And my SSL config:
> 
> <code>
>         <Connector executor="tomcatThreadPool"
>             protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>             sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
>             address="0.0.0.0" port="8443" maxHttpHeaderSize="8192"
>             maxThreads="150" minSpareThreads="25" enableLookups="false"
>             acceptCount="100" connectionTimeout="20000"
>             disableUploadTimeout="true" compression="on"
>             compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata"
>             SSLEnabled="true" scheme="https">
>             <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
>             <SSLHostConfig hostName="appsrv.lan" protocols="TLSv1.2">
>                 <Certificate certificateKeystoreFile="/home/appsrv/etc/tomcat.p12"
>                     certificateKeystoreType="PKCS12" certificateKeystorePassword="password" />
>             </SSLHostConfig>
>         </Connector>
> </code>
> 
> So, what am I doing wrong here?
> ________________________________________________
> 
> Kevin Huntly
> Email: kmhun...@gmail.com
> ________________________________________________
> 
> -----BEGIN GEEK CODE BLOCK-----
> Version: 1.0
> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
> PGP++(+++) t+ 5-- X-- R+ tv+ b++  DI++ D++
> G++ e(+) h--- r+++ y+++*
> ------END GEEK CODE BLOCK------
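
One way to run the keystore check suggested in the reply from Java itself, as an added example that is not part of the original thread and not Tomcat code: it loads the PKCS12 file, then calls `KeyStore.getKey` (the call that fails in the stack trace) for each alias and, for RSA keys, compares the private key with the certificate. The class name `P12Check` and its two command-line arguments are assumptions of this example.

```java
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;

// Added diagnostic, not Tomcat code. Run: java P12Check.java <file.p12> <password>
public class P12Check {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java P12Check.java <file.p12> <password>");
            System.exit(2);
        }
        char[] password = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, password); // step 1: open the store itself
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate only, no private key");
                continue;
            }
            Key key;
            try {
                key = ks.getKey(alias, password); // step 2: the call that fails in the trace
            } catch (UnrecoverableKeyException e) {
                System.out.println(alias + ": key entry not decryptable with this password: " + e.getMessage());
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                System.out.println(alias + ": private key present, but no certificate");
                continue;
            }
            String verdict = key.getAlgorithm() + " key, chain length " + chain.length;
            // For RSA, key and certificate belong together when the moduli are equal.
            if (key instanceof RSAPrivateKey && chain[0].getPublicKey() instanceof RSAPublicKey) {
                boolean match = ((RSAPrivateKey) key).getModulus()
                        .equals(((RSAPublicKey) chain[0].getPublicKey()).getModulus());
                verdict += match ? ", matches certificate" : ", DOES NOT match certificate";
            }
            System.out.println(alias + ": " + verdict);
        }
    }
}
```

If a key entry turns out to be protected with a different password than the store, Tomcat's `certificateKeyPassword` attribute on `<Certificate>` is where that password is configured; without it the connector uses `certificateKeystorePassword` for the key as well.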
