What kind of key are you using? I generate my certs with certbot.
The result needs to be converted thusly to be used:

    openssl pkcs12 -export -out mykey-bundle.pfx -inkey myprivkey.pem -in cert.pem -certfile chain.pem -password pass:superdupersecretnoteventhealiensknow

Is this a possible source of the issue?

On 3/18/23, Kevin Huntly <kmhun...@gmail.com> wrote:
> Hello Everyone,
>
> I'm having an issue with my SSL connector:
>
> <stacktrace>
> 18-Mar-2023 14:12:46.996 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11Nio2Protocol-8443]]
> org.apache.catalina.LifecycleException: Protocol handler initialization failed
>     at org.apache.catalina.connector.Connector.initInternal(Connector.java:1014)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1032)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
>     at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
>     at java.base/java.lang.reflect.Method.invoke(Method.java:578)
>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:307)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477)
> Caused by: java.lang.IllegalArgumentException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
>     at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:146)
>     at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1302)
>     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1315)
>     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:652)
>     at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:75)
>     at org.apache.catalina.connector.Connector.initInternal(Connector.java:1012)
>     ... 11 more
> Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
>     at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:454)
>     at java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:91)
>     at java.base/java.security.KeyStore.getKey(KeyStore.java:1077)
>     at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:353)
>     at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:246)
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
>     ... 18 more
> Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
>     at java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:861)
>     at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:941)
>     at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:734)
>     at java.base/com.sun.crypto.provider.PBES2Core.engineDoFinal(PBES2Core.java:310)
>     at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2207)
>     at java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:370)
>     at java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:257)
>     at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:361)
>     ... 23 more
> </stacktrace>
>
> And my SSL config:
>
> <code>
> <Connector executor="tomcatThreadPool"
>            protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>            sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
>            address="0.0.0.0" port="8443" maxHttpHeaderSize="8192"
>            maxThreads="150" minSpareThreads="25" enableLookups="false"
>            acceptCount="100" connectionTimeout="20000"
>            disableUploadTimeout="true" compression="on"
>            compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata"
>            SSLEnabled="true" scheme="https">
>     <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
>     <SSLHostConfig hostName="appsrv.lan" protocols="TLSv1.2">
>         <Certificate certificateKeystoreFile="/home/appsrv/etc/tomcat.p12"
>                      certificateKeystoreType="PKCS12" certificateKeystorePassword="password" />
>     </SSLHostConfig>
> </Connector>
> </code>
>
> So, what am I doing wrong here?
> ________________________________________________
>
> Kevin Huntly
> Email: kmhun...@gmail.com
> ________________________________________________
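
The reply asks whether the conversion step could be the source. One way to check a bundle before pointing Tomcat at it, as an added example that is not part of the original thread: the script builds a throwaway bundle with the reply's `openssl pkcs12 -export` call and tests whether a given password decrypts the key inside and whether the certificate belongs to that key. The function names, the temporary files and both passwords are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). File names and passwords are constructed.
set -u

# 0 if PASSWORD ($2) passes the bundle's MAC check and decrypts the private key.
# The decrypted key is sent to /dev/null, never written to disk.
p12_password_ok() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes >/dev/null 2>&1
}

# 0 if the leaf certificate in the bundle carries the bundled key's public key.
p12_cert_matches_key() {
    local from_cert from_key
    from_cert=$(openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null)
    from_key=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null)
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Throwaway self-signed key and certificate in DIR ($1), bundled with the
# same openssl pkcs12 -export call as in the reply (no -certfile: no chain).
make_test_bundle() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=appsrv.lan" \
        -keyout "$1/myprivkey.pem" -out "$1/cert.pem" >/dev/null 2>&1 &&
    openssl pkcs12 -export -out "$1/mykey-bundle.pfx" \
        -inkey "$1/myprivkey.pem" -in "$1/cert.pem" \
        -password "pass:$2" >/dev/null 2>&1
}

demo() {
    local dir
    dir=$(mktemp -d) || return 1
    make_test_bundle "$dir" "constructed-test-password" || return 1
    p12_password_ok "$dir/mykey-bundle.pfx" "constructed-test-password" &&
        echo "export password opens the key"
    p12_password_ok "$dir/mykey-bundle.pfx" "password" ||
        echo "a different password is rejected"
    p12_cert_matches_key "$dir/mykey-bundle.pfx" "constructed-test-password" &&
        echo "certificate matches key"
    rm -rf "$dir"
}
demo
```

On a shared host, pass the password with `-passin env:VAR` or `-passin file:path` instead of `pass:` so it does not show up in the process list.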