Using Let's Encrypt for SSL certificate for CAS and CAS management


Tom Reijnders

Jul 21, 2022, 10:26:42 AM
to CAS Community
I used several methods to convert the Let's Encrypt certificate to a PKCS12 certificate (including the key) but whatever I try, I get the following error when trying to start cas-management:

java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.

Any ideas how to fix this?

King, Robert

Jul 22, 2022, 9:17:13 AM
to cas-...@apereo.org

I have run into a similar issue and it seems to always stem from using openssl to convert a pem/x509 cert and private key into a pkcs12 bundle. Was not able to find a solution.

 

This article looks like it might work, but I did not have time to test it yet.

 


King, Robert

Jul 22, 2022, 9:18:03 AM
to cas-...@apereo.org

Fabrice Bacchella

Jul 25, 2022, 3:34:32 AM
to cas-...@apereo.org

https://keystore-explorer.org is probably the way to go.


On 22 Jul 2022, at 15:17, King, Robert <ro...@mun.ca> wrote:



Tom Reijnders

Jul 25, 2022, 3:49:05 AM
to CAS Community
It seems that it has nothing to do with the keystore itself, but with the casmanagement properties to set the password. If I replace the default keystore and make sure that my keystore uses the default tomcat password (changeit) it works!

In the end I decided to deploy the war on a separate tomcat9 server, and then there are no issues either.


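The password mismatch described in the last post can be checked outside the application. This is an added diagnostic example, not part of the original thread or of CAS: it opens a PKCS12 keystore with one password and tries to recover each private key with the password the application is configured to use. The class name `KeystoreCheck` is hypothetical, and the passwords are prompted for rather than passed as arguments.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Added example (hypothetical class name): checks that a PKCS12 keystore and
// its private keys open with the passwords the application is configured with.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): java KeystoreCheck <keystore.p12>");
            System.exit(2);
        }
        // Prompt so the passwords do not end up in shell history or the process list.
        char[] storePass = console.readPassword("Keystore password: ");
        char[] keyPass = console.readPassword("Key password (empty = same as keystore): ");
        if (keyPass.length == 0) {
            keyPass = storePass;
        }

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // integrity check fails here if the store password is wrong
        } catch (IOException e) {
            System.err.println("Cannot open keystore: " + e.getMessage());
            System.exit(1);
        }

        boolean ok = true;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // certificate-only entry, no private key to decrypt
            }
            try {
                Key key = ks.getKey(alias, keyPass);
                System.out.println(alias + ": private key recovered (" + key.getAlgorithm() + ")");
            } catch (UnrecoverableKeyException e) {
                // Same exception class as in the thread: the key password does not match.
                ok = false;
                System.err.println(alias + ": " + e.getMessage());
            }
        }
        System.exit(ok ? 0 : 1);
    }
}
```

An exit status of 0 means every private key in the keystore was recovered with the supplied passwords; 1 means the keystore or at least one key could not be opened with them.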