ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

SSL service fails to start after implementing SSL

book

Article ID: 237181

calendar_today

Updated On:

Products

Clarity PPM On Premise

Issue/Introduction

HTTPS is not working after importing SSL certificate to one of the clarity server nodes. The same SSL setup works in other nodes that was configured the same exact way:

 

App-system.logs:-

2022/02/14 19:38:50.705 | Feb 14, 2022 7:38:50 PM org.apache.tomcat.util.net.SSLHostConfig setProtocols
2022/02/14 19:38:50.705 | WARNING: The protocol [TLSv1.1] was added to the list of protocols on the SSLHostConfig named [_default_]. Check if a +/- prefix is missing.
2022/02/14 19:38:51.173 | ERROR 14-02 19:38:51,111 - Unable to decrypt the password 
2022/02/14 19:38:51.173 | com.niku.union.security.StringEncrypter$EncryptionException: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.

..2022/02/14 19:38:53.673 | INFO: Initializing ProtocolHandler ["https-jsse-nio2-128.87.241.32-443"]
2022/02/14 19:38:53.689 | Feb 14, 2022 7:38:53 PM org.apache.catalina.core.StandardService initInternal
2022/02/14 19:38:53.705 | SEVERE: Failed to initialize connector [Connector[com.niku.union.web.http11.ClarityHttp11Nio2Protocol-443]]
2022/02/14 19:38:53.705 | org.apache.catalina.LifecycleException: Protocol handler initialization failed

Environment

Clarity 15.9.2 

Resolution

There was no issue with the way SSO was setup and issue was with server encryption key used. The extra space in the custom server encryption key was causing the protocol connector initialising situation (CSA > Security> Encrypt passwords >Using custom Key File). The key with spaces was okay while encrypting but did not working while decrypting passwords.