3 Replies Latest reply on Feb 26, 2002 5:19 PM by 3004

    SSL install - "invalid padding length"

    3004
      Hello all, this is my first post to this list and I'm new to WebLogic so
      please be gentle :)

      I've gotten WebLogic 6.1 installed on a Sun e420 running Solaris 8, run
      the http://127.0.0.1/certificate to create my certificate requests.
      This created three files in my /opt/bea/wlserver6.1 directory:

      www_mydomain_com-key.der
      www_mydomain_com-request.dem
      www_mydomain_com-request.pem

      I submitted the info from www_mydomain_com-request.pem to Verisign and
      gave them loads of money. I got the certificate file from Verisign
      (cert1.crt) and copied this to /opt/bea/wl_server6.1/config/mydomain (as
      well as www_mydomain_com-key.der). I opened up the web management
      console, clicked on my server, clicked on the SSL tab and entered the
      following values:
      Enabled (yes)
      Server Key File Name: config/mydomain/www_mydomain_com-key.der
      Server Certificate File Name: config/mydomain/cert1.crt
      Server Certificate Chain File Name: config/mydomain/ca.pem

      I then stopped the server from the web gui, and tried to start it from
      the command line with the following:
      # ./startWebLogic.sh -Dweblogic.management.pkpassword=mypassword &

      and I see this:
      Starting WebLogic Server ....
      <Feb 25, 2002 1:33:31 PM CST> <Notice> <Management> <Loading configuration file ./config/mydomain/config.xml ...>
      <Feb 25, 2002 1:33:38 PM CST> <Notice> <WebLogicServer> <Starting WebLogic Admin Server "floodcert2" for domain "mydomain">
      <Feb 25, 2002 1:33:38 PM CST> <Alert> <WebLogicServer> <Security configuration problem with certificate file config/mydomain/www_floodcert_com-key.der, java.io.IOException: weblogic.security.CipherException: Invalid padding length 233>
      java.io.IOException: weblogic.security.CipherException: Invalid padding length 233
      at weblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:157)
      at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:125)
      at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:391)
      at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
      at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1064)
      at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:492)
      at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
      at weblogic.Server.main(Server.java:35)
      ...etc...

      There seems to be something wrong with my private key, but I haven't the
      foggiest. Anybody else run into this before?


      advTHANKSance!

      Eric Lofland
      elofland@firstam.com


        • 1. Re: SSL install - "invalid padding length"
          3004
          Hi Eric
          Your configuration is incorrect.
          1) WLS 6.1 supports only .pem (plain text) and .der (which is binary encoded)
          files, so please rename the cert that you received from Verisign as cert1.der.

          2) The chain file shouldn't be set to ca.pem. That's the default to use if
          you are using the demo certificates shipped by WebLogic.
          For Verisign certs you can obtain the actual chain file from
          http://www.verisign.com/support/install/index.html . There is a link which
          says Get Intermediate CA Here.
          3) I am assuming that you have set weblogic.management.pkpassword correctly.
          It should match the password chosen when you sent the Certificate Request.



          • 2. Re: SSL install - "invalid padding length"
            3004

            Thanks for writing Yeshwant, I tried your suggestions but I'm still
            getting the same error message. It seems to be related to my private
            key (generated by the WebLogic certificate app). Here's the error
            message from this run:

            Starting WebLogic Server ....
            <Feb 26, 2002 8:07:03 AM CST> <Notice> <Management> <Loading configuration file ./config/mydomain/config.xml ...>
            <Feb 26, 2002 8:07:09 AM CST> <Notice> <WebLogicServer> <Starting WebLogic Admin Server "myserver" for domain "mydomain">
            <Feb 26, 2002 8:07:10 AM CST> <Alert> <WebLogicServer> <Security configuration problem with certificate file config/mydomain/www_mydomain_com-key.der, java.io.IOException: weblogic.security.CipherException: Invalid padding length 233>
            java.io.IOException: weblogic.security.CipherException: Invalid padding length 233
            at weblogic.security.RSAPrivateKeyPKCS8.input(RSAPrivateKeyPKCS8.java:157)
            at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:125)
            at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:391)
            at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
            at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1064)
            at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:492)
            at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
            at weblogic.Server.main(Server.java:35)


            • 3. Re: SSL install - "invalid padding length"
              3004
              Eric,
              If you are using a password-encrypted private key, then you have to go to the
              console ---> serverName --> SSL tab and check the box which says Use Encrypted.
              Also, I would recommend using Service Pack 2 for WLS 6.1 if you haven't done that
              already.
              Did you get it to work using the demo certificates provided?




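
Reply 3 turns on whether the private key file is password-encrypted. The following is an added example, not code from the thread's participants or from WebLogic: a Python check that reads the outer ASN.1 structure of a key file and reports whether it is an encrypted PKCS#8 key, an unencrypted PKCS#8 key, or a PKCS#1 RSA key. The helper names (`read_tlv`, `classify_key`, `der`) and the sample byte strings are constructed for this example.

```python
# Added example: classify a private-key file by its outer ASN.1 layout.
# All byte strings below are constructed for illustration; none is a real key.

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form: length in one byte
        length = first
    else:                                  # long form: next n bytes hold length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past end of data")
    return tag, pos, pos + length

def classify_key(data):
    """Name the container format from the first two fields of the outer SEQUENCE."""
    if data.lstrip().startswith(b"-----BEGIN"):
        return "PEM text, not DER"
    try:
        tag, start, end = read_tlv(data, 0)
        if tag != 0x30:
            return "not a DER SEQUENCE"
        body = data[start:end]
        t1, _, e1 = read_tlv(body, 0)      # e1 is an offset within body
        t2, _, _ = read_tlv(body, e1)
    except ValueError:
        return "not valid DER"
    kinds = {
        (0x30, 0x04): "PKCS#8 EncryptedPrivateKeyInfo (password-encrypted)",
        (0x02, 0x30): "PKCS#8 PrivateKeyInfo (unencrypted)",
        (0x02, 0x02): "PKCS#1 RSAPrivateKey (unencrypted)",
    }
    return kinds.get((t1, t2), "unrecognised DER structure")

def der(tag, content):
    """Encode one DER element (helper used only to build the samples)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + content

RSA_ALG = der(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")
PBE_ALG = der(0x30, bytes.fromhex("06092a864886f70d010503")
              + der(0x30, der(0x04, b"\x11" * 8) + der(0x02, b"\x01")))
SAMPLE_ENCRYPTED = der(0x30, PBE_ALG + der(0x04, b"\xaa" * 200))
SAMPLE_PLAIN_P8 = der(0x30, der(0x02, b"\x00") + RSA_ALG + der(0x04, b"\xbb" * 200))
SAMPLE_PKCS1 = der(0x30, der(0x02, b"\x00") + der(0x02, b"\x00" + b"\xcc" * 128))
```

To check a real file, pass its bytes: `classify_key(open(path, "rb").read())`.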