Using pki module created self-signed certificate in Java application

I am getting an invalid password error when using a self-signed certificate generated via Windows PowerShell. I exported the cert as a pfx with a password of changeIt. During application startup, the pfx is found and read, but it fails with a bad password error.

Any suggestions on how to resolve?

SSL section of application.yaml

server:
  port: 8043
  ssl:
    enabled: true
    key-store-type: PKCS12
    key-store: classpath:keystore/self-signed.pfx
    key-store-password: changeIt
    key-alias: localhost

Stack trace on app startup

Caused by: java.lang.IllegalStateException: Could not load store from 'classpath:keystore/self-signed.pfx'
    at org.springframework.boot.ssl.jks.JksSslStoreBundle.loadKeyStore(JksSslStoreBundle.java:123) ~[spring-boot-3.2.5.jar:3.2.5]
    at org.springframework.boot.ssl.jks.JksSslStoreBundle.createKeyStore(JksSslStoreBundle.java:89) ~[spring-boot-3.2.5.jar:3.2.5]
    ... 22 common frames omitted
Caused by: java.io.IOException: keystore password was incorrect
    at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2097) ~[na:na]
    at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:228) ~[na:na]
    at java.base/java.security.KeyStore.load(KeyStore.java:1500) ~[na:na]
    at org.springframework.boot.ssl.jks.JksSslStoreBundle.loadKeyStore(JksSslStoreBundle.java:119) ~[spring-boot-3.2.5.jar:3.2.5]
    ... 23 common frames omitted
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
    ... 27 common frames omitted

Create certificate process

PS D:\temp> $cert = new-SelfSignedCertificate -DnsName "localhost", "dev.testing.com" -CertStoreLocation "cert:\LocalMachine\My"
PS D:\temp> $cert

   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject              EnhancedKeyUsageList
----------                                -------              --------------------
5EE24BC50C5CA935658F4D022E6EF657702B671C  CN=localhost         {Client Authentication, Server Authentication}

PS D:\temp> Export-Certificate -Cert $Certificate -FilePath "self-signed.cer"

    Directory: D:\temp

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a---           11/8/2024    08:07            818 self-signed.cer

PS D:\temp> $Pwd = ConvertTo-SecureString -String "changeIt" -Force -AsPlainText
PS D:\temp> Export-PfxCertificate -Cert $Certificate -FilePath "self-signed.pfx" -Password $Pwd

    Directory: D:\temp

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a---           11/8/2024    08:09           2646 self-signed.pfx

PS D:\temp> get-PfxData -FilePath .\self-signed.pfx -Password $pwd

OtherCertificates EndEntityCertificates
----------------- ---------------------
{}                {[Subject]…
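
To separate a keystore problem from a Spring Boot configuration problem, the added example below (not part of the original post) repeats the `KeyStore.load` call from the stack trace directly on the exported file and reports whether the password decrypts it and whether the configured `key-alias` holds a private key. The class name `PfxCheck` and its command-line arguments are assumptions, and it assumes Java 17 or later, which Spring Boot 3.2.5 requires.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic, not from the post. Hypothetical class name and arguments.
// Run with: java PfxCheck.java <pfx-path> <password> <alias>
public class PfxCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: PfxCheck <pfx-path> <password> <alias>");
            System.exit(64);
        }
        char[] password = args[1].toCharArray();
        String alias = args[2];

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password); // the call that fails in the stack trace
        } catch (IOException e) {
            // KeyStore.load reports a wrong password as an IOException whose
            // cause is UnrecoverableKeyException; anything else is I/O or format.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                System.err.println("Password does not decrypt this file: " + e.getMessage());
            } else {
                System.err.println("File unreadable or not valid PKCS#12: " + e);
            }
            System.exit(1);
        }

        // List what the store really contains, so the alias can be compared
        // with the key-alias value in application.yaml.
        for (String a : Collections.list(ks.aliases())) {
            System.out.printf("alias=%s privateKey=%b%n", a, ks.isKeyEntry(a));
            if (ks.getCertificate(a) instanceof X509Certificate c) {
                System.out.println("  subject=" + c.getSubjectX500Principal()
                        + " notAfter=" + c.getNotAfter());
            }
        }
        if (!ks.isKeyEntry(alias)) {
            System.err.println("No private-key entry under alias '" + alias + "'");
            System.exit(2);
        }
        ks.getKey(alias, password); // throws if the key cannot be recovered
        System.out.println("OK: store loads and alias '" + alias + "' has a usable key");
    }
}
```

Run it against the same file that is packaged under `keystore/` on the classpath, passing the `key-store-password` and `key-alias` values from `application.yaml`.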
