java keytool 给出“最终块未正确填充"

2022-01-25 00:00:00 ssl-certificate java

按照 本 Jetty 指南的第 3b 步使用 Keytool 和 OpenSSL,最后步骤,我正在执行命令:

Per step 3b of this Jetty guide for using Keytool and OpenSSL, last step, I'm doing the command:

keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore

当我运行命令时,我得到:keytool error: java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not proper padding

When I run the command, I get: keytool error: java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded

你知道如何解决这个问题吗?

Do you know how to resolve this?

推荐答案

在我的例子中,我已经使用我下载的 Windows openSSL 完成了一些步骤,而其他步骤则使用了 CentOs6 机器上已经存在的 openSSL.当我在 CentOs/linux 机器上完成所有步骤后,错误就消失了.

In my case, I had done some of the steps using Windows openSSL that I downloaded, and other steps using the openSSL already existing on the CentOs6 box. When I did all the steps on the CentOs/linux box, the error went away.

次要注意linux openSSL和Godaddy,注意当你开始创建CSR"过程时,使用2048生成site.key,即:

Secondary perhaps helful note linux openSSL and Godaddy, note when you begin the "create CSR" process, use 2048 in generating the site.key, namely:

openssl genrsa -des3 -out site.key 2048

openssl genrsa -des3 -out site.key 2048

-----------------更新------------------

----------------- update ------------------

我认为这个错误与我在步骤中遇到的密码问题有关.

I think this error is instead related to a password problem I made in the steps.

做完之后:

openssl pkcs12 -export -inkey jetty.key -in cert-chain.txt -out jetty.pkcs12

工具提示,输入导出密码:

the tool prompts, Enter Export Password:

输入的这个密码,必须在下一步使用,我做的是:

This password entered, must then be used in the next step, the one I did was:

java -classpath jetty-util-6.1.19.jar:jetty-6.1.19.jar org.mortbay.jetty.security.PKCS12Import jetty.pkcs12 keystore

但是根据 本文档,该步骤显然同样是:

however per this documentation that step may apparently equally be:

keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore

相关文章