From: "Faine, Mark"
To: 'Tomcat Users List'
Subject: RE: SSL configuration question
Date: Tue, 5 Apr 2005 09:43:47 -0500
List-Id: "Tomcat Users List"

I tried this same procedure that you suggested below for importing Apache SSL key to tomcat (http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs24694) on another server and it didn't work. I'm getting the error listed below when tomcat starts up. I've done it exactly like before.
Any help resolving this issue would be greatly appreciated.

-Mark

SEVERE: Error starting endpoint
java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1275)
    at java.security.KeyStore.load(KeyStore.java:1150)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:278)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:220)
    at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:143)
    at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:109)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:259)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:281)
    at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:171)
    at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1527)
    at org.apache.catalina.core.StandardService.start(StandardService.java:489)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.crypto.provider.SunJCE_h.b(DashoA6275)
    at com.sun.crypto.provider.SunJCE_h.b(DashoA6275)
    at com.sun.crypto.provider.SunJCE_ab.b(DashoA6275)
    at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal(DashoA6275)
    at javax.crypto.Cipher.doFinal(DashoA12275)
    at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1272)
    ... 19 more
Apr 5, 2005 9:22:36 AM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start: LifecycleException: Protocol handler start failed: java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
    at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1529)
    at org.apache.catalina.core.StandardService.start(StandardService.java:489)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
Apr 5, 2005 9:22:36 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 14756 ms

-----Original Message-----
From: Faine, Mark
Sent: Friday, April 01, 2005 9:25 AM
To: 'Tomcat Users List'
Subject: RE: SSL configuration question

Thanks, the link you provided allowed me to get it imported correctly. This should go on a FAQ.

Thanks again,
-Mark

-----Original Message-----
From: Mikhail Kruk [mailto:meshko@cs.brandeis.edu]
Sent: Thursday, March 31, 2005 3:42 PM
To: Tomcat Users List
Subject: RE: SSL configuration question

> The certificate I imported was not self-signed (or should not be). It
> is what I received back from Entrust after submitting a CSR. It was
> already in use on Apache before I decided not to use Apache anymore.
> It worked before on Apache. I shut down apache and was intending to
> use the cert on only Tomcat.

You can't easily import the certificate that was generated for Apache into Tomcat -- you need to have the private key part in your keystore and your private key is in your Apache. There must be a way to get the key from Apache and move it to Tomcat, but I'm not sure what it is. This might help: http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs24694

>
>
> Thanks,
> -Mark
>
>
> -----Original Message-----
> From: Sasisekar S Sundaram [mailto:sekarmdu@louisiana.edu]
> Sent: Thursday, March 31, 2005 2:43 PM
> To: Tomcat Users List
> Subject: Re: SSL configuration question
>
> It shows both "issued to" and "issue by" because it is a self signed
> certificate. When you get your certificate authorized by someone like
> verisign, and then import that certificate into your keystore, you'll
> get "issued by" as that certifying authority's name.
> ----- Original Message -----
> From: "Faine, Mark"
> To: "'Tomcat Users List'"
> Sent: Thursday, March 31, 2005 1:13 PM
> Subject: RE: SSL configuration question
>
>
> > Thanks, I tried that before and got a permission error, but it works now.
> >
> > -Mark
> >
> >
> > -----Original Message-----
> > From: Hein Behrens [mailto:info@curvaciones.com]
> > Sent: Thursday, March 31, 2005 12:41 PM
> > To: Tomcat Users List
> > Subject: Re: SSL configuration question
> >
> > Answer to number 2 is edit your server.xml change 8443 to 443 in the
> > ssl section also check that the normal port redirects to 443.
> >
> > Where you see 8443 change to 443.
> >
> > 2 changes in your server.xml.
> >
> >
> > ----- Original Message -----
> > From: "Faine, Mark"
> > To:
> > Sent: Thursday, March 31, 2005 7:44 PM
> > Subject: SSL configuration question
> >
> >
> > > Solaris 8, Tomcat 5.0.28
> > >
> > > I've configured my tomcat installation with my SSL key from Entrust
> > > and it is working (sort of).
> > >
> > > 1. It is not correctly configured. It shows my organization as both
> > > "issued to" and "issue by" when I view the certificate information.
> > > Could someone explain what I have done wrong and how to correct it.
> > >
> > > 2. It must be run on port 8443 because I need to run it as a user
> > > other than root. How can I bypass this limitation and run it on the
> > > standard 443 port?
> > >
> > > Thanks,
> > > -Mark
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
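
The move discussed in this thread (an existing Apache key and certificate into a PKCS#12 file that Tomcat loads), as an added example that is not part of the original messages. It also checks that the bundle opens with the intended password, since a password mismatch is a common cause of "failed to decrypt safe contents entry"; the thread does not confirm that this was the cause here. The key, certificate, file names and the password changeit are constructed stand-ins.

```shell
#!/usr/bin/env bash
# Added example: file names, the CN and the password "changeit" are constructed.

# Stand-in for Apache's existing key and CA-issued certificate (self-signed here
# only so the example runs offline).
make_sample() {  # make_sample DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {  # key_matches_cert KEY CERT
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Bundle key + certificate into a PKCS#12 file protected by PASSWORD.
# "pass:" exposes the password in the process list; prefer "env:" or "file:"
# on shared hosts.
make_p12() {  # make_p12 KEY CERT OUT PASSWORD
    key_matches_cert "$1" "$2" || return 1
    openssl pkcs12 -export -inkey "$1" -in "$2" -name tomcat \
        -out "$3" -passout "pass:$4"
}

# Succeeds only if PASSWORD opens the PKCS#12 file.
check_p12() {  # check_p12 FILE PASSWORD
    openssl pkcs12 -in "$1" -passin "pass:$2" -noout 2>/dev/null
}

demo() {
    local dir
    dir=$(mktemp -d) || return 1
    make_sample "$dir" &&
        make_p12 "$dir/server.key" "$dir/server.crt" "$dir/tomcat.p12" changeit &&
        check_p12 "$dir/tomcat.p12" changeit && echo "correct password: loads"
    check_p12 "$dir/tomcat.p12" not-the-password || echo "wrong password: rejected"
    rm -rf "$dir"
}
demo
```

The password that passes check_p12 is the one Tomcat's connector must be given as keystorePass, with keystoreType="PKCS12" and keystoreFile pointing at the bundle.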