Linstor with SSL failed on controller

General
1

Hi All,

I am trying to setup linstor with SSL certificate. It works fine on the satellites

However, when I change the config for controller

/etc/linstor/linstor.toml

[https]
enabled = true
listen_addr = “::”
port = 3371
keystore = “/etc/linstor/keystore.jks”
keystore_password = “password”

Under /var/log/linstor-controller log, I have seen this error:

Reported error:
===============

Category:                           Exception
Class name:                         IOException
Class canonical name:               java.io.IOException
Generated at:                       Method 'engineLoad', Source file 'PKCS12KeyStore.java', Line #2112

Error message:                      keystore password was incorrect

Call backtrace:

    Method                                   Native Class:Line number
    engineLoad                               N      sun.security.pkcs12.PKCS12KeyStore:2112
    engineLoad                               N      sun.security.util.KeyStoreDelegator:249
    load                                     N      java.security.KeyStore:1500
    loadStore                                N      com.linbit.linstor.modularcrypto.JclCryptoProvider:167
    createKeyManagers                        N      com.linbit.linstor.modularcrypto.JclCryptoProvider:126
    initializeSslContext                     N      com.linbit.linstor.modularcrypto.JclCryptoProvider:111
    initialize                               N      com.linbit.linstor.netcom.ssl.SslTcpConnectorService:200
    <init>                                   N      com.linbit.linstor.netcom.ssl.SslTcpConnectorService:145
    createNetComService                      N      com.linbit.linstor.core.ControllerNetComInitializer:434
    initNetComService                        N      com.linbit.linstor.core.ControllerNetComInitializer:598
    initialize                               N      com.linbit.linstor.core.ControllerNetComInitializer:230
    startSystemServices                      N      com.linbit.linstor.core.ApplicationLifecycleManager:93
    start                                    N      com.linbit.linstor.core.Controller:371
    main                                     N      com.linbit.linstor.core.Controller:637

Caused by:
==========

Category:                           Exception
Class name:                         UnrecoverableKeyException
Class canonical name:               java.security.UnrecoverableKeyException
Generated at:                       Method 'engineLoad', Source file 'PKCS12KeyStore.java', Line #2112

Error message:                      failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.

Call backtrace:

I tested the keystore password with keytool and it works. Not sure what can cause the issue

Thanks for any advice.

2

HI @tmnguyen

From the Error logs it looks like the keystore was configured with different encoding.

You could refer to the documentation here