Noted - excellent!

On 3/18/23, Kevin Huntly <kmhun...@gmail.com> wrote:
> I was able to read the keystore with both openssl and keytool, but for some
> reason the private key within the pkcs#12 file had a different password
> than the keystore password. I ended up just rebuilding the cert and the
> keystore, and it's working now. Thanks!
> ________________________________________________
>
> Kevin Huntly
> Email: kmhun...@gmail.com
> Cell: 716/424-3311
> ________________________________________________
>
> -----BEGIN GEEK CODE BLOCK-----
> Version: 1.0
> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
> PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++
> G++ e(+) h--- r+++ y+++*
> ------END GEEK CODE BLOCK------
>
>
> On Sat, Mar 18, 2023 at 3:27 PM Thomas Hoffmann (Speed4Trade GmbH)
> <thomas.hoffm...@speed4trade.com.invalid> wrote:
>
>> Hello,
>>
>> the relevant error is:
>> Caused by: javax.crypto.BadPaddingException: Given final block not
>> properly padded. Such issues can arise if a bad key is used during
>> decryption.
>>
>> It seems there is something wrong with your keystore.
>> Are both private and public key in the p12 file?
>> Can you check the contents with keytool?
>> Alternatively, you can also use pem files, they are more readable than
>> p12.
>>
>> Greetings, Thomas
>>
>> > -----Original Message-----
>> > From: Kevin Huntly <kmhun...@gmail.com>
>> > Sent: Saturday, 18 March 2023 19:15
>> > To: users@tomcat.apache.org
>> > Subject: SSL issue
>> >
>> > Hello Everyone,
>> >
>> > I'm having an issue with my SSL connector:
>> >
>> > <stacktrace>
>> > 18-Mar-2023 14:12:46.996 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11Nio2Protocol-8443]]
>> > org.apache.catalina.LifecycleException: Protocol handler initialization failed
>> >     at org.apache.catalina.connector.Connector.initInternal(Connector.java:1014)
>> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> >     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
>> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> >     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1032)
>> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> >     at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
>> >     at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
>> >     at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
>> >     at java.base/java.lang.reflect.Method.invoke(Method.java:578)
>> >     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:307)
>> >     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477)
>> > Caused by: java.lang.IllegalArgumentException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
>> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
>> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
>> >     at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:146)
>> >     at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1302)
>> >     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1315)
>> >     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:652)
>> >     at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:75)
>> >     at org.apache.catalina.connector.Connector.initInternal(Connector.java:1012)
>> >     ... 11 more
>> > Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
>> >     at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:454)
>> >     at java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:91)
>> >     at java.base/java.security.KeyStore.getKey(KeyStore.java:1077)
>> >     at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:353)
>> >     at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:246)
>> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
>> >     ... 18 more
>> > Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
>> >     at java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:861)
>> >     at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:941)
>> >     at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:734)
>> >     at java.base/com.sun.crypto.provider.PBES2Core.engineDoFinal(PBES2Core.java:310)
>> >     at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2207)
>> >     at java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:370)
>> >     at java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:257)
>> >     at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:361)
>> >     ... 23 more
>> > </stacktrace>
>> >
>> > And my SSL config:
>> >
>> > <code>
>> > <Connector executor="tomcatThreadPool"
>> >            protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>> >            sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
>> >            address="0.0.0.0" port="8443" maxHttpHeaderSize="8192"
>> >            maxThreads="150" minSpareThreads="25" enableLookups="false"
>> >            acceptCount="100" connectionTimeout="20000"
>> >            disableUploadTimeout="true" compression="on"
>> >            compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata"
>> >            SSLEnabled="true" scheme="https">
>> >     <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
>> >     <SSLHostConfig hostName="appsrv.lan" protocols="TLSv1.2">
>> >         <Certificate certificateKeystoreFile="/home/appsrv/etc/tomcat.p12"
>> >                      certificateKeystoreType="PKCS12"
>> >                      certificateKeystorePassword="password" />
>> >     </SSLHostConfig>
>> > </Connector>
>> > </code>
>> >
>> > So, what am I doing wrong here?
>> > ________________________________________________
>> >
>> > Kevin Huntly
>> > Email: kmhun...@gmail.com
>> > ________________________________________________
>>
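Added example, not code from the thread or from Tomcat: a small Java check that does the same two steps Tomcat's SSLUtilBase performs at connector start (load the PKCS#12 with the keystore password, then KeyStore.getKey on each key entry with that same password), so a private key protected by a different password, or a p12 with no private key at all, is reported per alias instead of as the BadPaddingException chain above. The class name, file path and passwords are command-line arguments and are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Enumeration;

// Hypothetical diagnostic, not part of Tomcat. Mirrors Tomcat's behaviour:
// unless certificateKeyPassword is set, the keystore password is reused
// as the key password in KeyStore.getKey(alias, password).
public class P12KeyCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: java P12KeyCheck <keystore.p12> <storePassword> [keyPassword]");
            System.exit(2);
        }
        char[] storePass = args[1].toCharArray();
        // Optional third argument models a separate key password.
        char[] keyPass = (args.length > 2 ? args[2] : args[1]).toCharArray();

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            // A wrong keystore password fails here (MAC check), not in getKey.
            ks.load(in, storePass);
        }

        int keyEntries = 0;
        int failures = 0;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate-only entry, no private key");
                continue;
            }
            keyEntries++;
            try {
                // Same call Tomcat makes in SSLUtilBase.getKeyManagers.
                ks.getKey(alias, keyPass);
                int chain = ks.getCertificateChain(alias).length;
                System.out.println(alias + ": private key decrypts OK, chain length " + chain);
            } catch (UnrecoverableKeyException ex) {
                // This is the path behind "Given final block not properly padded":
                // the PBE key derived from the password does not decrypt the key bag.
                failures++;
                System.out.println(alias + ": PRIVATE KEY PASSWORD MISMATCH (" + ex.getMessage() + ")");
            }
        }
        if (keyEntries == 0) {
            System.out.println("no private key entry found; Tomcat needs a key entry, not just a certificate");
        }
        System.exit(failures == 0 && keyEntries > 0 ? 0 : 1);
    }
}
```

If the key only opens with a separate password, Tomcat's Certificate element accepts it via certificateKeyPassword; otherwise rebuild the keystore so both passwords match, as was done in the thread.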