I am getting an invalid password when using a self-signed certificate generated via Windows PowerShell. I exported the cert as a pfx with a password of changeIt. During application startup, the pfx is found and read but it fails with bad password.
Any suggestions on how to resolve?
SSL section of application.yaml
server:
  port: 8043
  ssl:
    enabled: true
    key-store-type: PKCS12
    key-store: classpath:keystore/self-signed.pfx
    key-store-password: changeIt
    key-alias: localhost
Stack trace on app startup
Caused by: java.lang.IllegalStateException: Could not load store from 'classpath:keystore/self-signed.pfx'
at org.springframework.boot.ssl.jks.JksSslStoreBundle.loadKeyStore(JksSslStoreBundle.java:123) ~[spring-boot-3.2.5.jar:3.2.5]
at org.springframework.boot.ssl.jks.JksSslStoreBundle.createKeyStore(JksSslStoreBundle.java:89) ~[spring-boot-3.2.5.jar:3.2.5]
... 22 common frames omitted
Caused by: java.io.IOException: keystore password was incorrect
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2097) ~[na:na]
at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:228) ~[na:na]
at java.base/java.security.KeyStore.load(KeyStore.java:1500) ~[na:na]
at org.springframework.boot.ssl.jks.JksSslStoreBundle.loadKeyStore(JksSslStoreBundle.java:119) ~[spring-boot-3.2.5.jar:3.2.5]
... 23 common frames omitted
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
... 27 common frames omitted
Create certificate process
PS D:\temp> $cert = new-SelfSignedCertificate -DnsName "localhost", "dev.testing.com" -CertStoreLocation "cert:\LocalMachine\My"
PS D:\temp> $cert
PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My
Thumbprint Subject EnhancedKeyUsageList
---------- ------- --------------------
5EE24BC50C5CA935658F4D022E6EF657702B671C CN=localhost {Client Authentication, Server Authentication}
PS D:\temp> Export-Certificate -Cert $Certificate -FilePath "self-signed.cer"
Directory: D:\temp
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 11/8/2024 08:07 818 self-signed.cer
PS D:\temp> $Pwd = ConvertTo-SecureString -String "changeIt" -Force -AsPlainText
PS D:\temp> Export-PfxCertificate -Cert $Certificate -FilePath "self-signed.pfx" -Password $Pwd
Directory: D:\temp
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 11/8/2024 08:09 2646 self-signed.pfx
PS D:\temp> get-PfxData -FilePath .\self-signed.pfx -Password $pwd
OtherCertificates EndEntityCertificates
----------------- ---------------------
{} {[Subject]…
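
One way to separate the keystore from the Spring Boot configuration, as an added example that is not part of the original post: load the same PFX directly with the JDK's PKCS12 provider, list the aliases it contains, and check whether the `key-alias` value from application.yaml is among them. The class name `PfxCheck` and its argument layout are assumptions made for this example.

```java
import java.io.Console;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic; class name and argument layout are assumptions.
// Run with: java PfxCheck.java <path-to-pfx> [expected-alias]
public class PfxCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length < 1 || console == null) {
            System.err.println("usage (interactive terminal): PfxCheck <pfx> [alias]");
            System.exit(2);
        }
        String expectedAlias = args.length > 1 ? args[1] : "localhost";
        // Prompt instead of taking the password as an argument, so it does not
        // land in shell history or the process list.
        char[] password = console.readPassword("Store password: ");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Path.of(args[0]))) {
            // A wrong password fails here with the same IOException
            // ("keystore password was incorrect") shown in the stack trace.
            ks.load(in, password);
        }
        System.out.println("Loaded with Java " + System.getProperty("java.version"));
        for (String alias : Collections.list(ks.aliases())) {
            boolean isKey = ks.isKeyEntry(alias);
            System.out.println("alias=" + alias + " keyEntry=" + isKey);
            if (ks.getCertificate(alias) instanceof X509Certificate cert) {
                System.out.println("  subject=" + cert.getSubjectX500Principal());
            }
            if (isKey) {
                // No key-password is set in the YAML above, so the key is
                // tested with the store password as well.
                ks.getKey(alias, password);
                System.out.println("  private key recovered");
            }
        }
        if (!ks.containsAlias(expectedAlias)) {
            System.out.println("No entry named '" + expectedAlias
                    + "'; key-alias must match one of the aliases listed above.");
        }
    }
}
```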