I was able to read the keystore with both openssl and keytool, but for some reason the private key within the PKCS#12 file had a different password than the keystore password. I ended up just rebuilding the cert and the keystore, and it's working now. Thanks!
________________________________________________
Kevin Huntly
Email: kmhun...@gmail.com

On Sat, Mar 18, 2023 at 3:27 PM Thomas Hoffmann (Speed4Trade GmbH) <thomas.hoffm...@speed4trade.com.invalid> wrote:
> Hello,
>
> the relevant error is:
> Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
>
> It seems there is something wrong with your keystore.
> Are both private and public key in the p12 file?
> Can you check the contents with keytool?
> Alternatively, you can also use pem files; they are more readable than p12.
>
> Greetings, Thomas
>
> > -----Original Message-----
> > From: Kevin Huntly <kmhun...@gmail.com>
> > Sent: Saturday, 18 March 2023 19:15
> > To: users@tomcat.apache.org
> > Subject: SSL issue
> >
> > Hello Everyone,
> >
> > I'm having an issue with my SSL connector:
> >
> > <stacktrace>
> > 18-Mar-2023 14:12:46.996 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11Nio2Protocol-8443]]
> > org.apache.catalina.LifecycleException: Protocol handler initialization failed
> >     at org.apache.catalina.connector.Connector.initInternal(Connector.java:1014)
> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> >     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> >     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1032)
> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> >     at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
> >     at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
> >     at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
> >     at java.base/java.lang.reflect.Method.invoke(Method.java:578)
> >     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:307)
> >     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477)
> > Caused by: java.lang.IllegalArgumentException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
> >     at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:146)
> >     at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1302)
> >     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1315)
> >     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:652)
> >     at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:75)
> >     at org.apache.catalina.connector.Connector.initInternal(Connector.java:1012)
> >     ... 11 more
> > Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
> >     at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:454)
> >     at java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:91)
> >     at java.base/java.security.KeyStore.getKey(KeyStore.java:1077)
> >     at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:353)
> >     at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:246)
> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
> >     ... 18 more
> > Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
> >     at java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:861)
> >     at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:941)
> >     at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:734)
> >     at java.base/com.sun.crypto.provider.PBES2Core.engineDoFinal(PBES2Core.java:310)
> >     at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2207)
> >     at java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:370)
> >     at java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:257)
> >     at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:361)
> >     ... 23 more
> > </stacktrace>
> >
> > And my SSL config:
> >
> > <code>
> > <Connector executor="tomcatThreadPool"
> >            protocol="org.apache.coyote.http11.Http11Nio2Protocol"
> >            sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
> >            address="0.0.0.0" port="8443" maxHttpHeaderSize="8192"
> >            maxThreads="150" minSpareThreads="25" enableLookups="false"
> >            acceptCount="100" connectionTimeout="20000"
> >            disableUploadTimeout="true" compression="on"
> >            compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata"
> >            SSLEnabled="true" scheme="https">
> >     <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
> >     <SSLHostConfig hostName="appsrv.lan" protocols="TLSv1.2">
> >         <Certificate certificateKeystoreFile="/home/appsrv/etc/tomcat.p12"
> >                      certificateKeystoreType="PKCS12" certificateKeystorePassword="password" />
> >     </SSLHostConfig>
> > </Connector>
> > </code>
> >
> > So, what am I doing wrong here?
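The cause Kevin found (the keystore MAC verifies with one password while the private-key entry is encrypted under another) shows up in the quoted trace as a failure inside KeyStore.getKey, which Tomcat calls with the keystore password when no separate key password is configured. The Java program below is an added example, not code from the thread or from Tomcat; it loads a PKCS#12 file the same way and reports, per entry, whether the private key unlocks with the keystore password. The path and passwords are assumptions taken from the quoted config and can be overridden on the command line.

```java
// Added example (not from the thread): checks whether each private-key entry in a
// PKCS#12 keystore is recoverable with the keystore password, as Tomcat attempts.
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

public class P12KeyCheck {
    public static void main(String[] args) throws Exception {
        // Assumed defaults mirror the quoted server.xml; args: <path> <storePass> [keyPass]
        String path = args.length > 0 ? args[0] : "/home/appsrv/etc/tomcat.p12";
        char[] storePass = (args.length > 1 ? args[1] : "password").toCharArray();
        char[] keyPass = args.length > 2 ? args[2].toCharArray() : null;

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);   // verifies the store MAC with the keystore password
        }
        int keyEntries = 0;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": trusted certificate only (no private key)");
                continue;
            }
            keyEntries++;
            Certificate[] chain = ks.getCertificateChain(alias);
            System.out.println(alias + ": key entry, chain length " + chain.length
                    + ", subject " + ((X509Certificate) chain[0]).getSubjectX500Principal());
            try {
                ks.getKey(alias, storePass);   // what Tomcat does when certificateKeyPassword is unset
                System.out.println("  private key unlocks with the keystore password: OK");
            } catch (UnrecoverableKeyException ex) {
                System.out.println("  keystore password does NOT unlock the private key: " + ex.getMessage());
                if (keyPass != null) {
                    ks.getKey(alias, keyPass);   // throws again if this password is also wrong
                    System.out.println("  separate key password works; configure it in server.xml");
                }
            }
        }
        if (keyEntries == 0) {
            System.out.println("no private-key entry found; Tomcat cannot serve TLS from this keystore");
        }
    }
}
```

Tomcat's `<Certificate>` element also accepts a `certificateKeyPassword` attribute for exactly this situation, so a keystore whose key password differs from the store password can be used without rebuilding it once both passwords are known.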