
Hi,

I'm getting an error when reinstalling MT with an SSL certificate. My .pfx password is correct.

 

ifscloud-values.yaml is as below

# Path to PKCS12 certificate if using third party certificate
certificateFile: F:\Artifacts\ifsroot\config\certs\certificate.pfx

certificatePassword: XxxxXxxxXxxx1Xxx

 

Error,

[Wed Jul 05 05:26:38 BST 2023] - INFO: chartVersion not found in properties, using helmChartVersion: 222.7.0
[Wed Jul 05 05:26:38 BST 2023] - INFO: Using existing certificate
[Wed Jul 05 05:26:38 BST 2023] - SEVERE: Unable to handle certificates. java.io.IOException: keystore password was incorrect
[Wed Jul 05 05:26:38 BST 2023] - INFO: Generating symmetric-key. This will only be persisted if the secret, 'symmetric-key' does not exist.
[Wed Jul 05 05:26:38 BST 2023] - INFO: Creating namespace
[Wed Jul 05 05:26:42 BST 2023] - INFO: Installing ifs-cloud
[Wed Jul 05 05:26:42 BST 2023] - INFO: Using chart ifscloud/ifs-cloud --version 222.7.0
[Wed Jul 05 05:26:42 BST 2023] - INFO: Doing a dry-run ..
[Wed Jul 05 05:26:42 BST 2023] - INFO: Running helm upgrade
[Wed Jul 05 05:26:43 BST 2023] - SEVERE: execution error at (ifs-cloud/charts/ifscore/templates/secrets.yaml:12:18): Value for tls.cert is required
[Wed Jul 05 05:26:43 BST 2023] - SEVERE: Failed to install ifs-cloud
[Wed Jul 05 05:26:43 BST 2023] - SEVERE: Failed to install ifs-cloud. Collected logs from command:
INFO: Creating namespace
namespace/ifstst created
"ifscloud" has been added to your repositories
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "ifscloud" chart repository
Update Complete. ⎈Happy Helming!⎈
INFO: Installing ifs-cloud
INFO: Using chart ifscloud/ifs-cloud --version 222.7.0
INFO: Doing a dry-run ..
INFO: Running helm upgrade
history.go:53: [debug] getting history for release ifs-cloud
Release "ifs-cloud" does not exist. Installing it now.
install.go:172: [debug] Original chart version: "222.7.0"
install.go:189: [debug] CHART PATH: C:\Users\ADMINI~1\AppData\Local\Temp\1\helm\repository\ifs-cloud-222.7.0.tgz

Error: execution error at (ifs-cloud/charts/ifscore/templates/secrets.yaml:12:18): Value for tls.cert is required
helm.go:94: [debug] execution error at (ifs-cloud/charts/ifscore/templates/secrets.yaml:12:18): Value for tls.cert is required
SEVERE: Failed to install ifs-cloud

[Wed Jul 05 05:26:43 BST 2023] - SEVERE: Validation failed.

 

Please comment on above issue.

Thanks

Hi Mayura,

Do you have a solutionset.yaml file located in ifsroot\deliveries\build-home\ifsinstaller\?
When running the installer.cmd command, the first few lines should indicate the logFileLocation, configuration file, and solution set file found. What does the output indicate?

Best regards,
Ben -- IFS


Hi Ben, 

Thanks for the reply.

Log file attached.


The installation is detecting the solution file, so that looks good.
The output indicates that the keystore password is incorrect. This means that the specified password for the PFX file is wrong. From ifsroot, please run the following:

bin\jdk\bin\keytool.exe -list -v -storetype pkcs12 -keystore <path to your pfx file>

It will prompt for the password. Does it recognize your password?

 

Best regards, Ben -- IFS


One other thing. Does your certificate password begin with a special character such as !? (! has a special meaning in YAML.) If so, please put single quotes around the password in ifscloud-values.yaml.

Best regards


Hi Ben,

Thanks for the reply,

Password does not have special characters, just characters and numbers

 

I'm getting the following error for the command you suggested to run,

 

F:\Artifacts\ifsroot\bin\jdk\bin>keytool.exe -list -v -storetype pkcs12 -keystore F:\Artifacts\ifsroot\config\certs\certificate.pfx
Enter keystore password:
keytool error: java.io.IOException: keystore password was incorrect
java.io.IOException: keystore password was incorrect
        at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2108)
        at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
        at java.base/java.security.KeyStore.load(KeyStore.java:1479)
        at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:1050)
        at java.base/sun.security.tools.keytool.Main.run(Main.java:397)
        at java.base/sun.security.tools.keytool.Main.main(Main.java:390)
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
        ... 6 more

F:\Artifacts\ifsroot\bin\jdk\bin>

 

But my password is correct and has been verified several times, and I also installed it on a PC.

Certificate purchased from ZeroSSL and converted to pfx as below,

 

C:\Users\xxxxxxxx.AzureAD\xxxxxSystems\xxxx_work\Work\IT_Policy\Servers\cert\2>copy /b certificate.crt + ca_bundle.crt full_chain.crt
certificate.crt
ca_bundle.crt
        1 file(s) copied.

 

C:\Users\xxxxxxx\xxxxxSystems\xxx_work\Work\IT_Policy\Servers\cert\2>openssl pkcs12 -export -out certificate.pfx -inkey private.key -in full_chain.crt
Enter Export Password:
Verifying - Enter Export Password:

C:\Users\xxxxAzureAD\xxxxxSystems\xxxx_work\Work\IT_Policy\Servers\cert\2>

 

Please comment

 


Hi Ben,

 

Further, I tried to install the same .pfx file with a wrong password on my laptop; it gives an error and aborts the installation.

But with the correct password it installed successfully.

So this is not an issue with a wrong password associated with .pfx file. There could be some other reason.

Thanks,

 


Hi CovMayurJ,

 

Do you have a solution? I have the same error with certificate.

I’m sure it’s not a password problem…

 

Thanks!


We had the same issue while setting up MT for IFS Cloud.

 

The solution for us was to recreate the pfx by telling keytool to use specific PBE algorithms for encrypting both the private key and the certificate itself in the keystore with:

 

 -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -macalg sha1

 

Final creation statement:

openssl pkcs12 -export -out final.pfx -inkey private.key -in certificate.cer -passout pass:<yourcertppw> -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -macalg sha1

Updated openssl statement which helped us to fix a similar issue

 

openssl pkcs12 -export -out "outcert.pfx" -inkey "inkey.key" -in "incert.pem" -passout pass:<yourpw> -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -macalg sha1
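
Added example, not part of any post above: a POSIX shell sketch that reports which MAC and PBE algorithms a .pfx was written with, so a file can be compared against the -certpbe/-keypbe/-macalg settings given in the thread before it is handed to the installer. It assumes openssl is on PATH; the function names, the sample certificate (CN=example.test) and the password are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect which algorithms protect a PKCS#12 (.pfx) file.
# Usage after sourcing:  pfx_algorithms certificate.pfx '<password>'

# Print the MAC digest and the PBE scheme of each encrypted part.
# Returns 2 when openssl itself cannot open the file with this password.
# "openssl pkcs12 -info" writes its summary to stderr, hence 2>&1.
pfx_algorithms() {
    out=$(openssl pkcs12 -info -noout -in "$1" -passin "pass:$2" 2>&1) || return 2
    printf '%s\n' "$out" | grep -E '^(MAC|PKCS7 Encrypted data|Shrouded Keybag):'
}

# Return 0 only if the MAC is SHA-1 and every encrypted part uses
# pbeWithSHA1And3-KeyTripleDES-CBC, i.e. what the flags in the thread produce.
# Return 1 for any other algorithm mix, 2 for an unreadable file.
pfx_matches_thread_settings() {
    summary=$(pfx_algorithms "$1" "$2") || return 2
    printf '%s\n' "$summary" | grep -q '^MAC: sha1,' || return 1
    enc=$(printf '%s\n' "$summary" | grep -v '^MAC:') || return 1
    ! printf '%s\n' "$enc" | grep -qv 'pbeWithSHA1And3-KeyTripleDES-CBC'
}

# Build two throwaway PFX files in directory $1 from a constructed
# self-signed certificate: one with this OpenSSL build's defaults and
# one with the flags from the thread.
build_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/private.key" -out "$1/certificate.cer" 2>/dev/null &&
    openssl pkcs12 -export -out "$1/default.pfx" -inkey "$1/private.key" \
        -in "$1/certificate.cer" -passout pass:constructed-pw &&
    openssl pkcs12 -export -out "$1/final.pfx" -inkey "$1/private.key" \
        -in "$1/certificate.cer" -passout pass:constructed-pw \
        -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -macalg sha1
}
```

A return code of 1 with a password that openssl accepts means the file is readable but written with different algorithms than the ones the thread reports as working.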

