search cancel

App Service Fails to start when Password encryption using a custom key is turned on and SSL is enabled

book

Article ID: 253077

calendar_today

Updated On:

Products

Clarity PPM On Premise

Issue/Introduction

Caused by: java.lang.IllegalArgumentException: keystore password was incorrect

at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:108)

at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:72)

at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:144)

at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1221)

at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1234)

at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:230)

at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:633)

at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:80)

at org.apache.catalina.connector.Connector.initInternal(Connector.java:1112)

... 19 more

Caused by: java.io.IOException: keystore password was incorrect

at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2116)

at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:243)

at java.base/java.security.KeyStore.load(KeyStore.java:1479)

at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:69)

at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:216)

at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:207)

at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:282)

at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:246)

at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:106)

... 27 more

Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.

Environment

Release : 15.x & 16.x

Cause

This is caused by additional characters in the Encryption key file when created using linux "vi" command.

Resolution

1. Create the same file using a windows machine.

2. Copy the file to the linux server and check for additional characters using cat -v -e filename.

3. Deploy and start the services.