Re: [jetty-users] Jetty 10 SSL Problem

So I just changed it to the following (quoted from --list-config). The truststore config is removed.

 jetty.sslContext.keyManagerPassword = changeit
 jetty.sslContext.keyStorePassword = changeit
 jetty.sslContext.keyStorePath = /opt/shibboleth-idp/jetty.p12
 jetty.sslContext.keyStoreType = PKCS12

But it sadly still throws the same stacktrace:

Exception in thread "main" keystore password was incorrect
        at java.base/
        at java.base/
        at java.base/
        at org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(
        at org.eclipse.jetty.util.ssl.SslContextFactory.load(
        at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(
        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(
        at org.eclipse.jetty.server.SslConnectionFactory.doStart(
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(
        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(
        at org.eclipse.jetty.server.AbstractConnector.doStart(
        at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(
        at org.eclipse.jetty.server.ServerConnector.doStart(
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(
        at org.eclipse.jetty.server.Server.doStart(
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(
        at org.eclipse.jetty.xml.XmlConfiguration.main(
Caused by: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
        ... 21 more

Best Regards
Timo Brunn

To prove its authenticity, this E-Mail has been digitally signed.

On 29/06/2023 00:55, Joakim Erdfelt wrote:
Also, eliminate the trustStore configurations (temporarily).

Joakim Erdfelt / joakim@xxxxxxxxxxx

On Wed, Jun 28, 2023 at 5:55 PM Joakim Erdfelt <joakim@xxxxxxxxxxx> wrote:
Inline ...

On Wed, Jun 28, 2023 at 4:15 PM Timo Brunn <timo@xxxxxxxxxxxxx> wrote:

I just checked.

Running --debug gave me 23 command line entries with one being a temporary "" file.
I checked that file while the JVM was running and it does contain the correct password/settings.

Running --list-config showed the following system properties:

System Properties:
------------------
  = tmp (/opt/shibboleth-idp/start.d/start.ini)
  = file:/dev/urandom (/opt/shibboleth-idp/start.d/start.ini)

Disabling those obviously removed the need for jetty to fork the JVM.
--list-config also showed the correct keystore configuration with no extra whitespace or similar.

 jetty.sslContext.keyManagerPassword = changeit
 jetty.sslContext.keyStorePassword = changeit
 jetty.sslContext.keyStorePath = jetty.p12
 jetty.sslContext.keyStoreType = PKCS12
 jetty.sslContext.trustStorePassword = changeit
 jetty.sslContext.trustStorePath = jetty.p12
 jetty.sslContext.trustStoreType = PKCS12

Make your values for `jetty.sslContext.keyStorePath` and `jetty.sslContext.trustStorePath` absolute path references and try again.

- Joakim
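
One way to test the keystore file and both passwords outside Jetty, as an added example that is not part of the thread and not Jetty's own code: it loads the PKCS12 file with the `jetty.sslContext.keyStorePassword` value, then tries each private key with the `jetty.sslContext.keyManagerPassword` value. The class name `CheckKeystore` and the argument order are assumptions made for this sketch.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Added diagnostic (hypothetical helper, not Jetty code). Java 11+ single-file launch:
//   java CheckKeystore.java /opt/shibboleth-idp/jetty.p12 <storePassword> [keyPassword]
// Arguments are visible in the process list, so use it on a host you control.
public class CheckKeystore {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: CheckKeystore <path> <storePassword> [keyPassword]");
            System.exit(2);
        }
        // Resolve the path the way a relative keyStorePath would be resolved
        // against the current working directory, and show the result.
        Path path = Path.of(args[0]).toAbsolutePath();
        char[] storePass = args[1].toCharArray();
        char[] keyPass = args.length > 2 ? args[2].toCharArray() : storePass;
        System.out.println("Resolved path: " + path
                + " (readable=" + Files.isReadable(path) + ")");

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(path)) {
            // A wrong store password surfaces here as an IOException
            // ("keystore password was incorrect"), as in the trace above.
            ks.load(in, storePass);
        }
        System.out.println("Store password accepted, entries: " + ks.size());

        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate entry, no key to check");
                continue;
            }
            try {
                ks.getKey(alias, keyPass); // exercises the key manager password
                System.out.println(alias + ": private key recovered");
            } catch (UnrecoverableKeyException e) {
                System.out.println(alias + ": key password rejected: " + e.getMessage());
            }
        }
    }
}
```

Run it with the same `java` binary and the same user account that start Jetty, so the file permissions and the JVM's PKCS12 support match the failing environment.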
