Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SSL install - "invalid padding length"

21 views
Skip to first unread message

Eric Lofland

unread,
Feb 25, 2002, 2:43:44 PM2/25/02
to
Hello all, this is my first post to this list and I'm new to WebLogic so
please be gentle :)

I've gotten WebLogic 6.1 installed on a Sun e420 running Solaris 8, run
the http://127.0.0.1/certificate to create my certificate requests.
This created three files in my /opt/bea/wlserver6.1 directory:

www_mydomain_com-key.der
www_mydomain_com-request.dem
www_mydomain_com-request.pem

I submitted the info from www_mydomain_com-request.pem to Verisign and
gave them loads of money. I got the certificate file from Verisign
(cert1.crt) and copied this to /opt/bea/wl_server6.1/config/mydomain (as
well as www_mydomain_com-key.der). I opened up the web management
console, clicked on my server, clicked on the SSL tab and entered the
following values:
Enabled (yes)
Server Key File Name: config/mydomain/www_mydomain_com-key.der
Server Certificate File Name: config/mydomain/cert1.crt
Server Certificate Chain File Name: config/mydomain/ca.pem

I then stopped the server from the web gui, and tried to start it from
the command line with the following:
# ./startWebLogic.sh -Dweblogic.management.pkpassword=mypassword &

and I see this:
Starting WebLogic Server ....
<Feb 25, 2002 1:33:31 PM CST> <Notice> <Management> <Loading
configuration file ./config/mydomain/config.xml ...>
<Feb 25, 2002 1:33:38 PM CST> <Notice> <WebLogicServer> <Starting
WebLogic Admin Server "floodcert2" for domain "mydomain">
<Feb 25, 2002 1:33:38 PM CST> <Alert> <WebLogicServer> <Security
configuration problem with certificate file
config/mydomain/www_floodcert_com-key.der, java.io.IOException:
weblogic.security.CipherException: Invalid padding length 233>
java.io.IOException: weblogic.security.CipherException: Invalid padding
length 233
at
weblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:157)
at
weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:125)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:391)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1064)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:492)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
at weblogic.Server.main(Server.java:35)
...etc...

There seems to be something wrong with my private key, but I haven't the
foggiest. Anybody else run into this before?


advTHANKSance!

Eric Lofland
elof...@firstam.com

Yeshwant

unread,
Feb 25, 2002, 6:53:39 PM2/25/02
to
Hi Eric
Your configuration is incorrect
1)WLS 6.1 supports only .pem (plain text) and .der (which is binary encoded)
files so please rename the cert that you received from verisign as cert1.der

2)The chain file shouldn't be set to ca.pem. That's the default to use if
you are using the demo certificates shipped by weblogic.
For verisign certs you can obtain the actual chain file from
http://www.verisign.com/support/install/index.html . There is a link which
says Get Intermediate CA Here
3)I am assuming that you have set weblogic.management.pkpassword correctly.
It should match the password choosen when you sent the Certificate Request.

Eric Lofland

unread,
Feb 26, 2002, 9:04:47 AM2/26/02
to

Thanks for writing Yeshwant, I tried your suggestions but I'm still
getting the same error message. It seems to be related to my private
key (generated by the WebLogic certificate app) Here's the error
message from this run:

Starting WebLogic Server ....
<Feb 26, 2002 8:07:03 AM CST> <Notice> <Management> <Loading
configuration file
./config/mydomain/config.xml ...>
<Feb 26, 2002 8:07:09 AM CST> <Notice> <WebLogicServer> <Starting
WebLogic Admin
Server "myserver" for domain "mydomain">
<Feb 26, 2002 8:07:10 AM CST> <Alert> <WebLogicServer> <Security
configuration p
roblem with certificate file config/mydomain/www_mydomain_com-key.der,
java.io.
IOException: weblogic.security.CipherException: Invalid padding length 233>


java.io.IOException: weblogic.security.CipherException: Invalid padding
length 2
33
at
weblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:15
7)
at
weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:1
25)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:391)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1064)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:492)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
at weblogic.Server.main(Server.java:35)

Yeshwant

unread,
Feb 26, 2002, 12:19:28 PM2/26/02
to
Eric,
If you are using Password encrypted private key then, you have to go to the
console --->serverName-->SSL tab and check on a box which says Use Encrypted.
Also I would recommend using Service Pack 2 for WLS6.1 if you haven't done that
already.
Did you get it to work using the demo certificates provided ?
0 new messages