| Re: [jetty-users] Jetty 10 SSL Problem |
Throws this stacktrace
WARN : Forking second JVM due to forking module(s): []. Use
--dry-run to generate the command line to avoid forking.
Exception in thread "main" java.io.IOException: keystore password
was incorrect
at
java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2159)
at
java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:221)
at
java.base/java.security.KeyStore.load(KeyStore.java:1473)
at
org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:49)
at
org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:1121)
at
org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:291)
at
org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:213)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:93)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:171)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:121)
at
org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:112)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:93)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:171)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:121)
at
org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:367)
at
org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:75)
at
org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:228)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:93)
at
org.eclipse.jetty.server.Server.doStart(Server.java:428)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:93)
at
org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1875)
Caused by: java.security.UnrecoverableKeyException: failed to
decrypt safe contents entry: javax.crypto.BadPaddingException:
Given final block not properly padded. Such issues can arise if a
bad key is used during decryption.
... 21 more
Full stack trace? On Wed, Jun 28, 2023 at 6:25 PM Timo Brunn <timo@xxxxxxxxxxxxx> wrote:Hi, I just checked and there aren't any trailing spaces. My actual key has a password. Thats why i set keyManagerPassword. I had a few test keystores with and without key password. Neither worked. On my current test keystore my key password and keystore password are the same. Mit freundlichen Grüßen/Best Regards Timo Brunn Website: timo-brunn.de Um ihre Echtheit zu bestätigen, wurde diese E-Mail digital signiert. To prove its authenticity, this E-Mail has been digitally signed. On 28/06/2023 17:46, Simone Bordet wrote: Hi, On Wed, Jun 28, 2023 at 4:45 PM Timo Brunn <timo@xxxxxxxxxxxxx> wrote: Hi, Im currently having trouble supplying an self-signed SSL Certificate to jetty: Im generating the self-signed certificate and keystore using: keytool -genkeypair -alias jetty -validity 365 -keyalg RSA -keysize 2048 -keystore jetty.p12 -storetype pkcs12 My SSLContext looks like this now: jetty.sslContext.keyStorePath=jetty.p12 jetty.sslContext.trustStorePath=jetty.p12 jetty.sslContext.keyStoreType=PKCS12 jetty.sslContext.trustStoreType=PKCS12 jetty.sslContext.keyStorePassword=changeit jetty.sslContext.trustStorePassword=changeit jetty.sslContext.keyManagerPassword=changeit Starting jetty i get the following error: Exception in thread "main" java.io.IOException: keystore password was incorrect at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2159) I double and triple checked the keystore password and it is correct. Keytool is able to open the store Check that you don't have white space after "changeit". Why did you specify the keyManagerPassword? Is it the same as the keyStore?
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature