Bug #37384
Updated by Evgeni Golov about 2 months ago
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=2277005 When upgrading to Katello 4.11 in a FIPS enabled environment we are seeing issues related to regenerating and reimporting the candlepin-ca; <pre> ~~~ 2024-04-24 11:22:55 [ERROR ] [configure] /Stage[main]/Certs::Candlepin/Truststore_certificate[/etc/candlepin/certs/truststore:candlepin-ca]/ensure: change from 'absent' to 'present' failed: Execution of '/bin/keytool -import -v -noprompt -storetype pkcs12 -keystore /etc/candlepin/certs/truststore -alias candlepin-ca -file /etc/candlepin/certs/candlepin-ca.crt -storepass:file /etc/pki/katello/truststore_password-file -J-Dcom.redhat.fips=false' returned 1: keytool error: java.io.IOException: keystore password was incorrect 2024-04-24 11:22:55 [ERROR ] [configure] java.io.IOException: keystore password was incorrect 2024-04-24 11:22:55 [ERROR ] [configure] at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2089) 2024-04-24 11:22:55 [ERROR ] [configure] at java.security.KeyStore.load(KeyStore.java:1445) 2024-04-24 11:22:55 [ERROR ] [configure] at sun.security.tools.keytool.Main.doCommands(Main.java:839) 2024-04-24 11:22:55 [ERROR ] [configure] at sun.security.tools.keytool.Main.run(Main.java:380) 2024-04-24 11:22:55 [ERROR ] [configure] at sun.security.tools.keytool.Main.main(Main.java:373) 2024-04-24 11:22:55 [ERROR ] [configure] Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption. </pre> ~~~