Servoy Forum

Hey Guys,

I've successfully installed SSL - but the cert is expiring.

So - rather than deleting the existing certificate from the keystore - I just made a whole new keystore - got the new cert, etc.

I went back and made a copy of the servoy.properties and removed the encrypted database passwords from all the connections and replaced them with plain text.

When I try to start the service I get this error:

Code: Select all

Launching a JVM...
INFO   | jvm 1    | 2018/04/12 05:48:59 | WrapperManager: Initializing...
INFO   | jvm 1    | 2018/04/12 05:49:00 | 0 [WrapperSimpleAppMain] ERROR com.servoy.j2db.util.Debug  - Throwable
INFO   | jvm 1    | 2018/04/12 05:49:00 | javax.crypto.BadPaddingException: Given final block not properly padded
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:989)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:845)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at com.sun.crypto.provider.DESedeCipher.engineDoFinal(DESedeCipher.java:294)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at javax.crypto.Cipher.doFinal(Cipher.java:2165)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at com.servoy.j2db.util.Settings.load(Settings.java:348)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at com.servoy.j2db.util.Settings.loadFromFile(Settings.java:233)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at com.servoy.j2db.server.main.ApplicationServer.main(ApplicationServer.java:755)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at java.lang.reflect.Method.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:238)
INFO   | jvm 1    | 2018/04/12 05:49:00 |    at java.lang.Thread.run(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp: Encountered an error running main:
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp: java.io.IOException: Given final block not properly padded
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at com.servoy.j2db.util.Settings.load(Settings.java:356)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at com.servoy.j2db.util.Settings.loadFromFile(Settings.java:233)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at com.servoy.j2db.server.main.ApplicationServer.main(ApplicationServer.java:755)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at java.lang.reflect.Method.invoke(Unknown Source)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:238)
INFO   | jvm 1    | 2018/04/12 05:49:00 | WrapperSimpleApp:    at java.lang.Thread.run(Unknown Source)


Any ideas???

you didn't remove all the encrypted passwords
because it tries to decrypt something

which servoy version is this? because now for quite some time we don't use that ssl custom certificate anymore to do the encryption...

Servoy version 7.3.1 -releaseNumber 2022

thats really old.
but as i said, then you have to make sure that there are no encrypted stuff in the properties file at all anymore

OK - let me re-try that just to make sure.

There was an extra character at the start of one of the plain-text passwords.

Tried to start the service again, same result.

Are there any other things besides the passwords that are encrypted in the properties file?

FOUND IT!!

As ALWAYS - stupid user detected.

The password for all the DB connections were ok (plain-text) but the KEYSTORE password was still encrypted...

Well - the service started OK - but it's telling me it's NOT SECURE (can't connect via SSL)...

i wonder how the keystore password can be encrypted if we use that keystore to decrypt...

but don't you have any errors in the log? what does the admin page says when you fill in the keystore password and press save?

It took it fine.

I restarted the app server and tried again...

On the network settings it said "SSL initialized ok." - but still not connecting via https.

This must be a cert problem - it looks like Servoy is doing everything right.

If I have to re-install the cer - do I need to delete it from the keystore first?

the installation of the key store through the admin page has nothing todo with the https (which tomcat servers or apache if you have that in front of it)
You also need to use/configure that same keystore in the server.xml file of the tomcat install