I have a certificate successfully generated by Certify The Web. I have selected the deployment task to deploy to Tomcat but the deployment fails. The Tomcat server is version 9.
The error in the log is:
2021-10-30 22:55:08.545 -07:00 [INF] Deploy to Tomcat:: exporting PFX format certificates and key
2021-10-30 22:55:08.569 -07:00 [INF] Deploy to Tomcat: Copying file (Windows file copy) to C:\Program Files\Apache Software Foundation\Tomcat 9\conf
2021-10-30 22:55:08.583 -07:00 [ERR] Failed to copy to destination file: C:\Program Files\Apache Software Foundation\Tomcat 9\conf:Access to the path 'C:\Program Files\Apache Software Foundation\Tomcat 9\conf' is denied.
2021-10-30 22:55:08.583 -07:00 [ERR] Failed to copy to destination file: C:\Program Files\Apache Software Foundation\Tomcat 9\conf:Access to the path 'C:\Program Files\Apache Software Foundation\Tomcat 9\conf' is denied.
So it looks like Certify The Web simply cannot access the conf folder, but I then added the Everyone group with full access to the folder as a test and the deployment still fails with the same error.
Why can't the Certify The Web client copy the certificate file to the requested folder? I even downloaded procmon to view file access and there is no access denied error when Certify The Web tries to access the conf folder.
My guess is that you're giving it a folder path when it is asking for a file path. It can't make a file out of the existing folder, so it gets an error.
Ah yes, as @jljtgr suggested it's expecting you to provide a full filename for each thing to export, not just a folder. If you delete the content of the text box the placeholder text will explain that.
I would have liked to say that as well, but that specific deployment type has the example cut off and the parameter name doesn't actually say "file" like the other ones... but "Destination Path".
Thanks! That seems to have gotten the certificate exported to the conf folder. But now the Tomcat server isn't starting. I'm getting this error below indicating that the keystore password is incorrect? I was hoping the deployment task would be able to take care of this. If there is any additional documentation on using the Tomcat deployment task I haven't seen it and would love to read it.
31-Oct-2021 09:03:24.194 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1013)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1057)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:303)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
Caused by: java.lang.IllegalArgumentException: keystore password was incorrect
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:217)
at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1154)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
... 12 more
Caused by: java.io.IOException: keystore password was incorrect
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2015)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:67)
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:217)
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:206)
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:283)
at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:98)
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
... 19 more
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
Looks like the keystore password should be blank. I removed the old keystore password in the server.xml file and restarted the service and now it is working.
You can optionally set a password if you want one under Certificate > Advanced Settings > Signing and Security (then re-request your cert); historically we just default to blank.
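
A pre-flight check for the mismatch diagnosed in this thread, added here as an example and not part of the original posts or of Certify The Web: it reads server.xml and reports whether each configured keystore password actually opens the PFX it points to, so the mismatch is caught before Tomcat is restarted. Assumptions: the connector uses `<Certificate certificateKeystoreFile=...>` elements, the .NET PFX loader stands in for Java's PKCS12 loader, the function name, paths and demo values are made up, and the demo part needs PowerShell 7 or .NET Framework 4.7.2 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Test-TomcatKeystore {
    param([Parameter(Mandatory)][string]$ServerXml,
          [Parameter(Mandatory)][string]$CatalinaBase)
    $doc = [xml](Get-Content -LiteralPath $ServerXml -Raw)
    foreach ($node in $doc.SelectNodes('//Certificate[@certificateKeystoreFile]')) {
        $file = $node.GetAttribute('certificateKeystoreFile')
        # Relative keystore paths are resolved against the Tomcat base directory.
        if (-not [IO.Path]::IsPathRooted($file)) { $file = Join-Path $CatalinaBase $file }
        # An absent attribute is reported as such; no password is guessed for it.
        $status = 'certificateKeystorePassword attribute not set'
        if ($node.HasAttribute('certificateKeystorePassword')) {
            try {
                $cert = [X509Certificate2]::new($file, $node.GetAttribute('certificateKeystorePassword'))
                $status = if ($cert.HasPrivateKey) { 'ok' } else { 'opened, but no private key' }
                $cert.Dispose()
            } catch {
                # Wrong password, missing file and unreadable file all land here.
                $status = 'cannot open: ' + $_.Exception.Message
            }
        }
        [pscustomobject]@{ Keystore = $file; Status = $status }
    }
}

# Constructed demo input: a throwaway self-signed PFX exported with a blank
# password, and a server.xml whose first connector still has a stale password.
$base = Join-Path ([IO.Path]::GetTempPath()) ([guid]::NewGuid())
New-Item -ItemType Directory -Path (Join-Path $base 'conf') | Out-Null
$rsa = [RSA]::Create(2048)
$req = [CertificateRequest]::new('CN=example.test', $rsa, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$pfx = $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1)).Export([X509ContentType]::Pfx, '')
[IO.File]::WriteAllBytes((Join-Path $base 'conf\site.pfx'), $pfx)
@'
<Server><Service name="Catalina">
  <Connector port="443" SSLEnabled="true"><SSLHostConfig>
    <Certificate certificateKeystoreFile="conf/site.pfx" certificateKeystorePassword="stale-password"/>
  </SSLHostConfig></Connector>
  <Connector port="8443" SSLEnabled="true"><SSLHostConfig>
    <Certificate certificateKeystoreFile="conf/site.pfx" certificateKeystorePassword=""/>
  </SSLHostConfig></Connector>
</Service></Server>
'@ | Set-Content -LiteralPath (Join-Path $base 'conf\server.xml')

Test-TomcatKeystore -ServerXml (Join-Path $base 'conf\server.xml') -CatalinaBase $base | Format-List
```

With a blank-password PFX the private key is protected only by the file's NTFS permissions, so any broad grant added to the conf folder while troubleshooting should be removed once deployment works.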