SSL Install Issue

Questions and Answers on installation, deployment, management, locking, tranasactions of Servoy Application Server

SSL Install Issue

Postby bcusick » Thu Apr 12, 2018 3:12 pm

Hey Guys,

I've successfully installed SSL - but the cert is expiring.

So - rather than deleting the existing certificate from the keystore - I just made a whole new keystore - got the new cert, etc.

I went back and made a copy of the servoy.properties and removed the encrypted database passwords from all the connections and replaced them with plain text.

When I try to start the service I get this error:

Code: Select all
Launching a JVM...
INFO   | jvm 1    | 2018/04/12 05:48:59 | WrapperManager: Initializing...
INFO   | jvm 1    | 2018/04/12 05:49:00 | 0 [WrapperSimpleAppMain] ERROR com.servoy.j2db.util.Debug  - Throwable
INFO   | jvm 1    | 2018/04/12 05:49:00 | javax.crypto.BadPaddingException: Given final block not properly padded
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:989)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:845)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at com.sun.crypto.provider.DESedeCipher.engineDoFinal(DESedeCipher.java:294)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at javax.crypto.Cipher.doFinal(Cipher.java:2165)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at com.servoy.j2db.util.Settings.load(Settings.java:348)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at com.servoy.j2db.util.Settings.loadFromFile(Settings.java:233)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at com.servoy.j2db.server.main.ApplicationServer.main(ApplicationServer.java:755)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at java.lang.reflect.Method.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:238)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at java.lang.Thread.run(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp: Encountered an error running main:
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp: java.io.IOException: Given final block not properly padded
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at com.servoy.j2db.util.Settings.load(Settings.java:356)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at com.servoy.j2db.util.Settings.loadFromFile(Settings.java:233)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at com.servoy.j2db.server.main.ApplicationServer.main(ApplicationServer.java:755)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at java.lang.reflect.Method.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:238)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at java.lang.Thread.run(Unknown Source)


Any ideas???
Bob Cusick
bcusick
 
Posts: 1210
Joined: Wed Apr 23, 2003 11:27 pm
Location: Thousand Oaks, CA USA

Re: SSL Install Issue

Postby jcompagner » Thu Apr 12, 2018 3:44 pm

you didn't remove all the encrypted passwords
because it tries to decrypt something

which servoy version is this? because now for quite some time we don't use that ssl custom certificate anymore to do the encryption...
Johan Compagner
Servoy
User avatar
jcompagner
 
Posts: 8086
Joined: Tue May 27, 2003 7:26 pm
Location: The Internet

Re: SSL Install Issue

Postby bcusick » Thu Apr 12, 2018 4:45 pm

Servoy version 7.3.1 -releaseNumber 2022
Bob Cusick
bcusick
 
Posts: 1210
Joined: Wed Apr 23, 2003 11:27 pm
Location: Thousand Oaks, CA USA

Re: SSL Install Issue

Postby jcompagner » Thu Apr 12, 2018 5:00 pm

thats really old.
but as i said, then you have to make sure that there are no encrypted stuff in the properties file at all anymore
Johan Compagner
Servoy
User avatar
jcompagner
 
Posts: 8086
Joined: Tue May 27, 2003 7:26 pm
Location: The Internet

Re: SSL Install Issue

Postby bcusick » Thu Apr 12, 2018 5:03 pm

OK - let me re-try that just to make sure.
Bob Cusick
bcusick
 
Posts: 1210
Joined: Wed Apr 23, 2003 11:27 pm
Location: Thousand Oaks, CA USA

Re: SSL Install Issue

Postby bcusick » Thu Apr 12, 2018 5:13 pm

There was an extra character at the start of one of the plain-text passwords.

Tried to start the service again, same result.

Are there any other things besides the passwords that are encrypted in the properties file?
Bob Cusick
bcusick
 
Posts: 1210
Joined: Wed Apr 23, 2003 11:27 pm
Location: Thousand Oaks, CA USA

Re: SSL Install Issue

Postby bcusick » Thu Apr 12, 2018 5:15 pm

FOUND IT!!

As ALWAYS - stupid user detected.

The password for all the DB connections were ok (plain-text) but the KEYSTORE password was still encrypted... :roll: :oops: :oops:
Bob Cusick
bcusick
 
Posts: 1210
Joined: Wed Apr 23, 2003 11:27 pm
Location: Thousand Oaks, CA USA

Re: SSL Install Issue

Postby bcusick » Thu Apr 12, 2018 5:17 pm

Well - the service started OK - but it's telling me it's NOT SECURE (can't connect via SSL)...
Bob Cusick
bcusick
 
Posts: 1210
Joined: Wed Apr 23, 2003 11:27 pm
Location: Thousand Oaks, CA USA

Re: SSL Install Issue

Postby jcompagner » Thu Apr 12, 2018 5:23 pm

i wonder how the keystore password can be encrypted if we use that keystore to decrypt...

but don't you have any errors in the log? what does the admin page says when you fill in the keystore password and press save?
Johan Compagner
Servoy
User avatar
jcompagner
 
Posts: 8086
Joined: Tue May 27, 2003 7:26 pm
Location: The Internet

Re: SSL Install Issue

Postby bcusick » Thu Apr 12, 2018 5:46 pm

It took it fine.

I restarted the app server and tried again...

On the network settings it said "SSL initialized ok." - but still not connecting via https.

This must be a cert problem - it looks like Servoy is doing everything right.

If I have to re-install the cer - do I need to delete it from the keystore first?
Bob Cusick
bcusick
 
Posts: 1210
Joined: Wed Apr 23, 2003 11:27 pm
Location: Thousand Oaks, CA USA

Re: SSL Install Issue

Postby jcompagner » Fri Apr 13, 2018 11:16 am

the installation of the key store through the admin page has nothing todo with the https (which tomcat servers or apache if you have that in front of it)
You also need to use/configure that same keystore in the server.xml file of the tomcat install
Johan Compagner
Servoy
User avatar
jcompagner
 
Posts: 8086
Joined: Tue May 27, 2003 7:26 pm
Location: The Internet


Return to Servoy Server

Who is online

Users browsing this forum: No registered users and 1 guest

cron