tomcat-users mailing list archives

From "Faine, Mark" <Mark.R.Fa...@msfc.nasa.gov>
Subject RE: SSL configuration question
Date Tue, 05 Apr 2005 16:34:12 GMT
Never mind, it is fixed.  Unfortunately though I can't pass on my findings as
I'm not sure exactly what fixed it.

-Mark
 

-----Original Message-----
From: Faine, Mark 
Sent: Tuesday, April 05, 2005 9:44 AM
To: 'Tomcat Users List'
Subject: RE: SSL configuration question

I tried this same procedure that you suggested below for importing Apache
SSL key to tomcat
(http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs24694) on another
server and it didn't work.  I'm getting the error listed below when tomcat
starts up.  I've done it exactly like before.  Any help resolving this issue
would be greatly appreciated.

-Mark


SEVERE: Error starting endpoint
java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
        at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1275)
        at java.security.KeyStore.load(KeyStore.java:1150)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:278)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:220)
        at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:143)
        at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:109)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:259)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:281)
        at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:171)
        at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1527)
        at org.apache.catalina.core.StandardService.start(StandardService.java:489)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
        at com.sun.crypto.provider.SunJCE_h.b(DashoA6275)
        at com.sun.crypto.provider.SunJCE_h.b(DashoA6275)
        at com.sun.crypto.provider.SunJCE_ab.b(DashoA6275)
        at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal(DashoA6275)
        at javax.crypto.Cipher.doFinal(DashoA12275)
        at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1272)
        ... 19 more
Apr 5, 2005 9:22:36 AM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start: 
LifecycleException:  Protocol handler start failed: java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
        at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1529)
        at org.apache.catalina.core.StandardService.start(StandardService.java:489)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
Apr 5, 2005 9:22:36 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 14756 ms

-----Original Message-----
From: Faine, Mark
Sent: Friday, April 01, 2005 9:25 AM
To: 'Tomcat Users List'
Subject: RE: SSL configuration question

Thanks, the link you provided allowed me to get it imported correctly.  This
should go on a FAQ.

Thanks again,
-Mark
 

-----Original Message-----
From: Mikhail Kruk [mailto:meshko@cs.brandeis.edu]
Sent: Thursday, March 31, 2005 3:42 PM
To: Tomcat Users List
Subject: RE: SSL configuration question

> The certificate I imported was not self-signed (or should not be).  It 
> is what I received back from Entrust after submitting a CSR. It was 
> already in use on Apache before I decided not to use Apache anymore.
> It worked before on Apache. I shut down apache and was intending to 
> use the cert on only Tomcat.

You can't easily import the certificate that was generated for Apache into
Tomcat -- you need to have the private key part in your keystore and your
private key is in your Apache.  There must be a way to get the key from
Apache and move it to Tomcat, but I'm not sure what it is.
This might help:
http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs24694

> 
> 
> Thanks,
> -Mark
>  
> 
> -----Original Message-----
> From: Sasisekar S Sundaram [mailto:sekarmdu@louisiana.edu]
> Sent: Thursday, March 31, 2005 2:43 PM
> To: Tomcat Users List
> Subject: Re: SSL configuration question
> 
> It shows both "issued to" and "issue by" because it is a self signed
> certificate. When you get your certificate authorized by someone like
> verisign, and then import that certificate into your keystore, you'll
> get "issued by" as that certifying authority's name.
> ----- Original Message -----
> From: "Faine, Mark" <Mark.R.Faine@msfc.nasa.gov>
> To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org>
> Sent: Thursday, March 31, 2005 1:13 PM
> Subject: RE: SSL configuration question
> 
> 
> > Thanks, I tried that before and got a permission error, but it works now.
> >
> > -Mark
> >
> >
> > -----Original Message-----
> > From: Hein Behrens [mailto:info@curvaciones.com]
> > Sent: Thursday, March 31, 2005 12:41 PM
> > To: Tomcat Users List
> > Subject: Re: SSL configuration question
> >
> > Answer to number 2 is to edit your server.xml: change 8443 to 443 in the
> > ssl section, and also check that the normal port redirects to 443.
> >
> > Where you see 8443 change to 443.
> >
> > 2 changes in your server.xml.
> >
> >
> > ----- Original Message -----
> > From: "Faine, Mark" <Mark.R.Faine@msfc.nasa.gov>
> > To: <tomcat-user@jakarta.apache.org>
> > Sent: Thursday, March 31, 2005 7:44 PM
> > Subject: SSL configuration question
> >
> >
> > > Solaris 8, Tomcat 5.0.28
> > >
> > > I've configured my tomcat installation with my SSL key from Entrust and it
> > > is working (sort of).
> > >
> > > 1.  It is not correctly configured.  It shows my organization as both
> > > "issued to" and "issue by" when I view the certificate information.  Could
> > > someone explain what I have done wrong and how to correct it.
> > >
> > > 2.  It must be run on port 8443 because I need to run it as a user other
> > > than root.  How can I bypass this limitation and run it on the standard 443
> > > port?
> > >
> > > Thanks,
> > > -Mark
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > >
> > >
> >
> >
> 
> 
> 
> 
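
Added example, not part of any message in this thread: the Apache-to-Tomcat move discussed above comes down to bundling the PEM private key and certificate into a PKCS#12 file, and "failed to decrypt safe contents entry ... BadPaddingException" is the error the JDK PKCS12 loader raises when the password it is given does not decrypt that bundle. The script checks both points before Tomcat is started; the file names, passwords and the demo certificate are constructed, and OpenSSL is assumed to be installed.

```shell
#!/bin/sh
# Added example: constructed names and passwords, not taken from the thread.

# make_demo_pem DIR: constructed stand-in for the Apache key/certificate pair.
make_demo_pem() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=demo.example.invalid" \
        -keyout "$1/server.key" -out "$1/server.crt" >/dev/null 2>&1
}

# key_matches_cert DIR: succeed only if the certificate was issued for this
# private key (same public key), which the keystore needs to hold together.
key_matches_cert() {
    a=$(openssl pkey -in "$1/server.key" -pubout 2>/dev/null | openssl dgst -sha256)
    b=$(openssl x509 -in "$1/server.crt" -pubkey -noout 2>/dev/null | openssl dgst -sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# pem_to_p12 DIR PASSWORD: bundle key and certificate into DIR/server.p12.
# The password travels in the environment, not on the command line, so it
# does not show up in the process list.
pem_to_p12() {
    P12_PASS="$2" openssl pkcs12 -export \
        -inkey "$1/server.key" -in "$1/server.crt" \
        -name tomcat -out "$1/server.p12" -passout env:P12_PASS
}

# p12_opens FILE PASSWORD: succeed only if PASSWORD opens the bundle. Run it
# with the value that will be configured as the connector's keystorePass.
p12_opens() {
    P12_PASS="$2" openssl pkcs12 -in "$1" -noout -passin env:P12_PASS \
        >/dev/null 2>&1
}

# Demo on constructed material in a scratch directory.
work=$(mktemp -d)
make_demo_pem "$work" && pem_to_p12 "$work" "demo-pass"
key_matches_cert "$work" && echo "key matches certificate"
p12_opens "$work/server.p12" "demo-pass" && echo "correct password: opens"
p12_opens "$work/server.p12" "typo-pass" || echo "wrong password: rejected"
rm -rf "$work"
```
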


