I have a Spring Boot app in which the application YAML has this entry for SSL. I generated the PFX certificate via an openssl command on the EC2 and copied it to the resources folder of the Spring Boot app. I had pressed Enter when prompted for the keystore password during the PFX certificate generation (so, nothing is set for the keystore password).

The app runs fine when deployed as a Jar and handles all HTTPS calls.

server:
  port: 9090
  ssl:
    key-store: classpath:certificate-prod.pfx
    key-store-password:
    key-store-type: PKCS12

However, when I do a Docker Compose (locally/Windows), the inbuilt Tomcat container throws this error and the Docker container stops.

Caused by: java.io.IOException: keystore password was incorrect
vtx_api_app | at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2117) ~[na:na]
vtx_api_app | at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222) ~[na:na]
vtx_api_app | at java.base/java.security.KeyStore.load(KeyStore.java:1479) ~[na:na]
vtx_api_app | at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:67) ~[tomcat-embed-core-9.0.46.jar!/:na]

I am using JDK 11. This is my Dockerfile:

FROM adoptopenjdk:11

COPY target/analytics-api.jar analytics-api.jar

ENTRYPOINT ["sh", "-c","java -jar -Dspring.profiles.active=prod analytics-api.jar"]

Any idea what's causing this, and any pointers to resolve this?

Rahul Saini
  • Are you using OpenSSL >= 3.0.0 to create the pkcs12? Exactly what version (update) of Java are you running on EC2, and what version is in the docker image (I note adoptopenjdk on dockerhub has been EOL for 2 years now, so it's probably oldish)? OpenSSL 3.0.0 up by default encrypts pkcs12 using PBKDF2-SHA256, which older updates of j11 (and some of j8) did not correctly support. If so, dupe https://stackoverflow.com/questions/72412346/java-keytool-importing-pkcs12-to-jks-getting-error-keystore-password-was-incorrect . – dave_thompson_085 Aug 09 '23 at 09:30
  • @dave_thompson_085 it's 3.0.2. openssl version: OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022). Java is: java -version: openjdk version "11.0.20" 2023-07-18 OpenJDK Runtime Environment (build 11.0.20+8-post-Ubuntu-1ubuntu122.04) OpenJDK 64-Bit Server VM (build 11.0.20+8-post-Ubuntu-1ubuntu122.04, mixed mode, sharing) – Rahul Saini Aug 09 '23 at 09:44

0 Answers
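The first comment attributes the "keystore password was incorrect" error to the PBKDF2-SHA256 encryption that OpenSSL 3.x writes by default. The following is an added example, not code from the question or its commenters: it lists which password-based encryption OIDs a .pfx declares, so the keystore can be checked before it is baked into an image. The function names and the two sample fragments are constructed for illustration, and the walker assumes definite-length DER.

```python
import sys
# DER-encoded OID bodies (dotted form in comments) that separate the two PKCS#12 styles.
OIDS = {
    bytes.fromhex("2a864886f70d01050d"): "PBES2",                              # 1.2.840.113549.1.5.13
    bytes.fromhex("2a864886f70d01050c"): "PBKDF2",                             # 1.2.840.113549.1.5.12
    bytes.fromhex("2a864886f70d0209"): "hmacWithSHA256",                       # 1.2.840.113549.2.9
    bytes.fromhex("2a864886f70d010c0103"): "pbeWithSHAAnd3-KeyTripleDES-CBC",  # 1.2.840.113549.1.12.1.3
    bytes.fromhex("2a864886f70d010c0106"): "pbeWithSHAAnd40BitRC2-CBC",        # 1.2.840.113549.1.12.1.6
}

def walk(data):
    """Yield each OID body in definite-length DER, descending into nested values."""
    pos = 0
    while pos + 2 <= len(data):
        tag, length = data[pos], data[pos + 1]
        pos += 2
        if length & 0x80:                      # long form: low 7 bits = number of length bytes
            end = pos + (length & 0x7F)
            length, pos = int.from_bytes(data[pos:end], "big"), end
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated DER")
        pos += length
        if tag == 0x06:
            yield body
        elif tag & 0x20 or (tag == 0x04 and body[:1] == b"\x30"):
            try:                               # PKCS#12 nests DER inside OCTET STRINGs
                yield from list(walk(body))
            except ValueError:
                if tag & 0x20:                 # only an OCTET STRING may be opaque ciphertext
                    raise

def inspect_pfx(pfx_bytes):
    names = sorted({OIDS[o] for o in walk(pfx_bytes) if o in OIDS})
    return {"algorithms": names, "pbkdf2_sha256": "hmacWithSHA256" in names}

def tlv(tag, *parts):                          # builds the constructed samples below
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

# Constructed, simplified AlgorithmIdentifier fragments (not real keystores).
SAMPLE_PBES2 = tlv(0x04, tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01050d")), tlv(0x30,
    tlv(0x06, bytes.fromhex("2a864886f70d01050c")), tlv(0x04, b"\x01" * 8),
    tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d0209")), tlv(0x05)))))
SAMPLE_LEGACY = tlv(0x04, tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010c0103")),
    tlv(0x30, tlv(0x04, b"\x01" * 8), tlv(0x02, b"\x08\x00"))))
if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PBES2
    print(inspect_pfx(blob))
```

Run with the path to the .pfx as the only argument; a result with `pbkdf2_sha256` set to true means the file uses the scheme the comment says older Java 11 updates did not correctly support.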