SSL Install Issue

bcusick · April 12, 2018, 1:12pm

Hey Guys,

I’ve successfully installed SSL - but the cert is expiring.

So - rather than deleting the existing certificate from the keystore - I just made a whole new keystore - got the new cert, etc.

I went back and made a copy of the servoy.properties and removed the encrypted database passwords from all the connections and replaced them with plain text.

When I try to start the service I get this error:

Launching a JVM...
INFO   | jvm 1    | 2018/04/12 05:48:59 | WrapperManager: Initializing...
INFO   | jvm 1    | 2018/04/12 05:49:00 | 0 [WrapperSimpleAppMain] ERROR com.servoy.j2db.util.Debug  - Throwable
INFO   | jvm 1    | 2018/04/12 05:49:00 | javax.crypto.BadPaddingException: Given final block not properly padded
INFO   | jvm 1    | 2018/04/12 05:49:00 | 	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:989)
INFO   | jvm 1    | 2018/04/12 05:49:00 | 	at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:845)
INFO   | jvm 1    | 2018/04/12 05:49:00 | 	at com.sun.crypto.provider.DESedeCipher.engineDoFinal(DESedeCipher.java:294)
INFO   | jvm 1    | 2018/04/12 05:49:00 | 	at javax.crypto.Cipher.doFinal(Cipher.java:2165)
INFO   | jvm 1    | 2018/04/12 05:49:00 | 	at com.servoy.j2db.util.Settings.load(Settings.java:348)
INFO   | jvm 1    | 2018/04/12 05:49:00 | 	at com.servoy.j2db.util.Settings.loadFromFile(Settings.java:233)
INFO   | jvm 1    | 2018/04/12 05:49:00 | 	at com.servoy.j2db.server.main.ApplicationServer.main(ApplicationServer.java:755)
INFO   | jvm 1    | 2018/04/12 05:49:00 | 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO   | jvm 1    | 2018/04/12 05:49:00 | 	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 | 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 | 	at java.lang.reflect.Method.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 | 	at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:238)
INFO   | jvm 1    | 2018/04/12 05:49:00 | 	at java.lang.Thread.run(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp: 
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp: Encountered an error running main:
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp: java.io.IOException: Given final block not properly padded
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp: 	at com.servoy.j2db.util.Settings.load(Settings.java:356)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp: 	at com.servoy.j2db.util.Settings.loadFromFile(Settings.java:233)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp: 	at com.servoy.j2db.server.main.ApplicationServer.main(ApplicationServer.java:755)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp: 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp: 	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp: 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp: 	at java.lang.reflect.Method.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp: 	at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:238)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp: 	at java.lang.Thread.run(Unknown Source)

Any ideas???

jcompagner · April 12, 2018, 1:44pm

you didn’t remove all the encrypted passwords
because it tries to decrypt something

which servoy version is this? because now for quite some time we don’t use that ssl custom certificate anymore to do the encryption…

bcusick · April 12, 2018, 2:45pm

Servoy version 7.3.1 -releaseNumber 2022

jcompagner · April 12, 2018, 3:00pm

thats really old.
but as i said, then you have to make sure that there are no encrypted stuff in the properties file at all anymore

bcusick · April 12, 2018, 3:03pm

OK - let me re-try that just to make sure.

bcusick · April 12, 2018, 3:13pm

There was an extra character at the start of one of the plain-text passwords.

Tried to start the service again, same result.

Are there any other things besides the passwords that are encrypted in the properties file?

bcusick · April 12, 2018, 3:15pm

FOUND IT!!

As ALWAYS - stupid user detected.

The password for all the DB connections were ok (plain-text) but the KEYSTORE password was still encrypted… :roll: :oops: :oops:

bcusick · April 12, 2018, 3:17pm

Well - the service started OK - but it’s telling me it’s NOT SECURE (can’t connect via SSL)…

jcompagner · April 12, 2018, 3:23pm

i wonder how the keystore password can be encrypted if we use that keystore to decrypt…

but don’t you have any errors in the log? what does the admin page says when you fill in the keystore password and press save?

bcusick · April 12, 2018, 3:46pm

It took it fine.

I restarted the app server and tried again…

On the network settings it said “SSL initialized ok.” - but still not connecting via https.

This must be a cert problem - it looks like Servoy is doing everything right.

If I have to re-install the cer - do I need to delete it from the keystore first?

jcompagner · April 13, 2018, 9:16am

the installation of the key store through the admin page has nothing todo with the https (which tomcat servers or apache if you have that in front of it)
You also need to use/configure that same keystore in the server.xml file of the tomcat install

Topic		Replies	Views
SSL with Servoy Classic Servoy	4	3673	February 8, 2011
Problem Installing SSL Certificate Classic Servoy	8	6880	December 24, 2015
SSL with Thawte Classic Servoy	11	9608	January 25, 2010
ssl certificate locks me out Classic Servoy	3	3342	September 2, 2007
Regarding SSL Setup in Servoy Classic Servoy	1	1539	January 21, 2010

SSL Install Issue

Related topics