Per step 3b of this Jetty guide for using Keytool and OpenSSL, last step, I'm doing the command:
keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore
When I run the command, I get: keytool error: java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
Do you know how to resolve this?
I also came across a similar issue. I realized finally that the destination keystore had a key password also specified. So I had to use an extra argument 'destkeypass' to import the keys successfully.
In my case, I had done some of the steps using Windows openSSL that I downloaded, and other steps using the openSSL already existing on the CentOs6 box. When I did all the steps on the CentOs/linux box, the error went away.
Secondary perhaps helful note linux openSSL and Godaddy, note when you begin the "create CSR" process, use 2048 in generating the site.key, namely:
openssl genrsa -des3 -out site.key 2048
----------------- update ------------------
I think this error is instead related to a password problem I made in the steps.
After one does:
openssl pkcs12 -export -inkey jetty.key -in cert-chain.txt -out jetty.pkcs12
the tool prompts, Enter Export Password:
This password entered, must then be used in the next step, the one I did was:
java -classpath jetty-util-6.1.19.jar:jetty-6.1.19.jar org.mortbay.jetty.security.PKCS12Import jetty.pkcs12 keystore
however per this documentation that step may apparently equally be:
keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore