Using Let's Encrypt for SSL certificate for CAS and CAS management

Tom Reijnders

unread,

Jul 21, 2022, 10:26:42 AM7/21/22

to CAS Community

I used several methods to convert the Let's Encrypt certificatate to a PKCS12 certificate (inlcuding the key) but whatever I try, I get the follwing error when trying to start cas-management:

java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.

Any ideas how to fix this?

King, Robert

unread,

Jul 22, 2022, 9:17:13 AM7/22/22

to cas-...@apereo.org

I have run into a similar issue and it seems to always stem from using openssl to covert a pem/x509 cert and private key into a pkcs12 bundle. Was not able to find a solution.

This article looks like it might work, but I did not have time to test it yet.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2ecd0820-ae3e-43f8-8549-2e01990567cbn%40apereo.org.

King, Robert

unread,

Jul 22, 2022, 9:18:03 AM7/22/22

to cas-...@apereo.org

and the article link …..ooops sorry

https://objectpartners.com/2018/07/19/spring-boot-ssl-and-badpaddingexception/

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5fb2af410e10427c882e26e9201f366f%40mun.ca.

Fabrice Bacchella

unread,

Jul 25, 2022, 3:34:32 AM7/25/22

to cas-...@apereo.org

https://keystore-explorer.org is probably the way to go.

Le 22 juil. 2022 à 15:17, King, Robert <ro...@mun.ca> a écrit :

EXTERNAL EMAIL : The sender of this email is external to 3DS. Be wary of the content and do not open unexpected attachments or links. If you consider this email as spam, you can click here (no login or additional action will be requested).

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/aa582939a6cf40dc811ed9d46932a659%40mun.ca.

Tom Reijnders

unread,

Jul 25, 2022, 3:49:05 AM7/25/22

to CAS Community

It seems that it has nothing to do with the keystore itself, but with the casmanagement properties to set the password. If I replace the default keystore and make soure that my keystore uses the default tomcat password (changeit) it works!

In the end I deceided to deploy the war on a separate tomcat9 server, and than there are no issues either.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/aa582939a6cf40dc811ed9d46932a659%40mun.ca.

Reply all

Reply to author

Forward