Hello Kevin,

That's why I also suggest using PEM format. You don't have to deal with two passwords and the files can be opened in a normal editor. Copy & paste also works easily in PEM format.
Glad it works now.

Greetings, Thomas

> -----Original Message-----
> From: Kevin Huntly <kmhun...@gmail.com>
> Sent: Saturday, 18 March 2023 20:30
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: SSL issue
>
> I was able to read the keystore with both openssl and keytool, but for some
> reason the private key within the pkcs#12 file had a different password than
> the keystore password. I ended up just rebuilding the cert and the keystore,
> and it's working now. Thanks!
> ________________________________________________
>
> Kevin Huntly
> Email: kmhun...@gmail.com
> Cell: 716/424-3311
> ________________________________________________
>
> -----BEGIN GEEK CODE BLOCK-----
> Version: 1.0
> GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
> W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
> PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++
> G++ e(+) h--- r+++ y+++*
> ------END GEEK CODE BLOCK------
>
>
> On Sat, Mar 18, 2023 at 3:27 PM Thomas Hoffmann (Speed4Trade GmbH)
> <thomas.hoffm...@speed4trade.com.invalid> wrote:
>
> > Hello,
> >
> > the relevant error is:
> > Caused by: javax.crypto.BadPaddingException: Given final block not
> > properly padded. Such issues can arise if a bad key is used during
> > decryption.
> >
> > It seems there is something wrong with your keystore.
> > Are both the private and public key in the p12 file?
> > Can you check the contents with keytool?
> > Alternatively, you can also use pem files, they are more readable than p12.
> >
> > Greetings, Thomas
> >
> > > -----Original Message-----
> > > From: Kevin Huntly <kmhun...@gmail.com>
> > > Sent: Saturday, 18 March 2023 19:15
> > > To: users@tomcat.apache.org
> > > Subject: SSL issue
> > >
> > > Hello Everyone,
> > >
> > > I'm having an issue with my SSL connector:
> > >
> > > <stacktrace>
> > > 18-Mar-2023 14:12:46.996 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11Nio2Protocol-8443]]
> > > org.apache.catalina.LifecycleException: Protocol handler initialization failed
> > >     at org.apache.catalina.connector.Connector.initInternal(Connector.java:1014)
> > >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> > >     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
> > >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> > >     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1032)
> > >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> > >     at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
> > >     at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
> > >     at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
> > >     at java.base/java.lang.reflect.Method.invoke(Method.java:578)
> > >     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:307)
> > >     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477)
> > > Caused by: java.lang.IllegalArgumentException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
> > >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
> > >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
> > >     at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:146)
> > >     at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1302)
> > >     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1315)
> > >     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:652)
> > >     at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:75)
> > >     at org.apache.catalina.connector.Connector.initInternal(Connector.java:1012)
> > >     ... 11 more
> > > Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
> > >     at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:454)
> > >     at java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:91)
> > >     at java.base/java.security.KeyStore.getKey(KeyStore.java:1077)
> > >     at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:353)
> > >     at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:246)
> > >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
> > >     ... 18 more
> > > Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
> > >     at java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:861)
> > >     at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:941)
> > >     at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:734)
> > >     at java.base/com.sun.crypto.provider.PBES2Core.engineDoFinal(PBES2Core.java:310)
> > >     at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2207)
> > >     at java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:370)
> > >     at java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:257)
> > >     at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:361)
> > >     ... 23 more
> > > </stacktrace>
> > >
> > > And my SSL config:
> > >
> > > <code>
> > > <Connector executor="tomcatThreadPool"
> > >     protocol="org.apache.coyote.http11.Http11Nio2Protocol"
> > >     sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
> > >     address="0.0.0.0" port="8443" maxHttpHeaderSize="8192"
> > >     maxThreads="150" minSpareThreads="25" enableLookups="false"
> > >     acceptCount="100" connectionTimeout="20000"
> > >     disableUploadTimeout="true" compression="on"
> > >     compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata"
> > >     SSLEnabled="true" scheme="https">
> > >   <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
> > >   <SSLHostConfig hostName="appsrv.lan" protocols="TLSv1.2">
> > >     <Certificate certificateKeystoreFile="/home/appsrv/etc/tomcat.p12"
> > >         certificateKeystoreType="PKCS12" certificateKeystorePassword="password" />
> > >   </SSLHostConfig>
> > > </Connector>
> > > </code>
> > >
> > > So, what am I doing wrong here?
> > > ________________________________________________
> > >
> > > Kevin Huntly
> > > Email: kmhun...@gmail.com
> > > ________________________________________________
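
The mismatch discussed in this thread (store password accepted, key entry protected by a different password) can be checked before Tomcat is started. The following is an added example, not code from the thread or from Tomcat: it loads a PKCS#12 store and calls `KeyStore.getKey` on every key entry with the store password, the call that fails in the stack trace. The class name, the alias `demo` and both passwords are assumptions, and the built-in sample uses an AES key entry because it can be constructed with the JDK alone.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;
import javax.crypto.KeyGenerator;

public class KeystorePasswordCheck {

    // Counts key entries that cannot be recovered with the store password,
    // i.e. entries that would fail in KeyStore.getKey as in the stack trace.
    static int countUnrecoverable(InputStream in, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(in, storePass); // a wrong store password already fails here (IOException)
        int bad = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // certificate-only entries hold no key
            try {
                ks.getKey(alias, storePass);
                System.out.println("OK    " + alias);
            } catch (UnrecoverableKeyException e) {
                bad++;
                System.out.println("FAIL  " + alias + ": " + e.getMessage());
            }
        }
        return bad;
    }

    // Constructed sample: an in-memory PKCS#12 store holding one AES key entry.
    static byte[] sampleStore(char[] storePass, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setKeyEntry("demo", KeyGenerator.getInstance("AES").generateKey(), keyPass, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 1) { // real keystore: prompt, so the password is not on the command line
            Console console = System.console();
            if (console == null) throw new IllegalStateException("run from an interactive terminal");
            try (InputStream in = new FileInputStream(args[0])) {
                System.exit(countUnrecoverable(in, console.readPassword("Store password: ")) == 0 ? 0 : 1);
            }
        }
        char[] store = "storepass".toCharArray(); // constructed passwords
        byte[] mismatched = sampleStore(store, "keypass".toCharArray());
        byte[] matched = sampleStore(store, store);
        System.out.println("mismatched store -> " + countUnrecoverable(new ByteArrayInputStream(mismatched), store));
        System.out.println("matched store    -> " + countUnrecoverable(new ByteArrayInputStream(matched), store));
    }
}
```

Run it against a real file with `java KeystorePasswordCheck.java <path to .p12>`. A FAIL line means the entry needs either a rebuilt keystore, as in the thread, or the key's own password supplied to Tomcat through the `certificateKeyPassword` attribute of the `<Certificate>` element.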