tomcat-users mailing list archives

From "Mark W. Webb" <m...@dolphtech.com>
Subject Re: Tomcat 4.1.24 enable SSL
Date Tue, 29 Apr 2003 12:34:27 GMT
I have seen something close to this, and found that it was an error with 
tomcat-jk2.jar.  There is a bug in the jar file.  

Balakrishna Kudaravalli wrote:

> Hi Bill,
>
> Thanks for your reply. I followed your instructions on setting up
> pkcs12 keystore (contains server & CA certs) attributes. After the
> changes, Tomcat 4.1.24 does not start up. I get the following error in
> my logs. I would appreciate it if anyone could let me know why I am
> getting the following error:
>
> INFO: Initializing Coyote HTTP/1.1 on port 4040
> Apr 28, 2003 8:28:40 AM org.apache.coyote.http11.Http11Protocol init
> SEVERE: Error initializing endpoint
> java.io.IOException: DerInputStream.getLength(): lengthTag=105, too big.
>         at sun.security.util.DerInputStream.getLength(DerInputStream.java:502)
>         at sun.security.util.DerValue.init(DerValue.java:333)
>         at sun.security.util.DerValue.<init>(DerValue.java:289)
>         at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(DashoA6275)
>         at java.security.KeyStore.load(KeyStore.java:652)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.initKeyStore(JSSESocketFactory.java:271)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.initProxy(JSSESocketFactory.java:193)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:127)
>         at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:275)
>         at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:150)
>         at org.apache.coyote.tomcat4.CoyoteConnector.initialize(CoyoteConnector.java:1117)
>         at org.apache.catalina.core.StandardService.initialize(StandardService.java:579)
>         at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2246)
>         at org.apache.catalina.startup.Catalina.start(Catalina.java:511)
>         at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
>         at org.apache.catalina.startup.Catalina.process(Catalina.java:180)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:324)
>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
> Catalina.start: LifecycleException:  Protocol handler initialization failed: java.io.IOException: DerInputStream.getLength(): lengthTag=105, too big.
> LifecycleException:  Protocol handler initialization failed: java.io.IOException: DerInputStream.getLength(): lengthTag=105, too big.
>         at org.apache.coyote.tomcat4.CoyoteConnector.initialize(CoyoteConnector.java:1119)
>         at org.apache.catalina.core.StandardService.initialize(StandardService.java:579)
>         at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2246)
>         at org.apache.catalina.startup.Catalina.start(Catalina.java:511)
>         at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
>         at org.apache.catalina.startup.Catalina.process(Catalina.java:180)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:324)
>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
> Catalina.stop: LifecycleException:  This server has not yet been started
> LifecycleException:  This server has not yet been started
>         at org.apache.catalina.core.StandardServer.stop(StandardServer.java:2213)
>         at org.apache.catalina.startup.Catalina.start(Catalina.java:543)
>         at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
>         at org.apache.catalina.startup.Catalina.process(Catalina.java:180)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:324)
>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
>
> Thank you,
> -Bala
>
>
> At 09:56 PM 4/24/2003 -0700, Bill Barker wrote:
>
>> The pkcs12 file *is* your keystore.  On the <Factory> tag in server.xml, set
>> the keystoreFile attribute to point to your pkcs12 file, and set the
>> keystoreType="pkcs12" attribute as well.
>>
>> At least with Sun's implementation, the pkcs12 keystore support is limited.
>> It works fine for me if I just have the server-cert in the pkcs12 file.  If
>> I include the signers in an OpenSSL pkcs12 file, it has problems.  The
>> obvious work-around is to import the signers into the cacerts, and strip
>> them from the pkcs12 file.
>>
>> "Balakrishna Kudaravalli" <bkudarav@cisco.com> wrote in message
>> news:4.3.2.7.2.20030424120548.02577b70@wells.cisco.com...
>> > Hi All,
>> >
>> > I am re-posting this mail. Could anyone please help me?
>> >
>> > Thanks,
>> > -Bala
>> >
>> >
>> > Hi Mark,
>> >
>> > Could you please let me know the command I need to use to import a pkcs12
>> > server cert into a keystore (assuming I need to create a new keystore). Do
>> > I need to have only a server cert in the keystore or both server & CA certs
>> > to enable SSL on Tomcat?
>> >
>> > Thanks for all your help.
>> >
>> > Regards,
>> > -Bala
>> >
>> >
>> > At 07:03 AM 4/24/2003 -0400, you wrote:
>> > >you should be able to use PKCS12.  Just change the keystore type from JKS
>> > >(default) to PKCS12.
>> > >
>> > >Balakrishna Kudaravalli wrote:
>> > >
>> > >>Hi All,
>> > >>
>> > >>Issue: Enabling SSL for Tomcat 4.1.24
>> > >>
>> > >>1. I have created a cert using keytool -genkey -alias tomcat -keyalg
>> > >>RSA  and have given a password "changeit" (default)
>> > >>2. Uncommented SSL coyote HTTP/1.1 connector in server.xml. Since the
>> > >>Keystore is at a default loc, I have not given a keystoreFile attribute
>> > >>3. On starting up Tomcat, HTTPS works fine
>> > >>
>> > >>Issue:
>> > >>4. Now, I need to replace the default cert with the certs provided by our
>> > >>internal folks. How do I do that ? the certs provided to me are in pkcs
>> > >>12 format:
>> > >>
>> > >>5. Should I convert the pkcs12 certs into x509 ?
>> > >>
>> > >>6. What certs should I import into the keystore (server, client, ca) ?
>> > >>
>> > >>Your help would be greatly appreciated.
>> > >>
>> > >>Thank you,
>> > >>-Bala
>> > >>
>> > >
>> > >
>> > >
>> > >---------------------------------------------------------------------
>> > >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> > >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
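The `lengthTag=105, too big` message in the quoted trace comes from a DER length check. As an added example (not code from the thread, Tomcat or the JDK), this Python check reads the outer DER header of a candidate PKCS#12 file before it is configured as `keystoreFile`; the four-octet length limit, the function names and the sample bytes are assumptions constructed for illustration.

```python
PEM_PREFIX = b"-----BEGIN"
MAX_LEN_OCTETS = 4  # assumed limit, mirroring the "too big" check in the trace

def der_header(data):
    """Return (tag, content_length, header_size) for the first DER TLV."""
    if len(data) < 2:
        raise ValueError("truncated: fewer than 2 bytes")
    tag, first = data[0], data[1]
    if (first & 0x80) == 0:          # short form: the octet is the length
        return tag, first, 2
    n = first & 0x7F                 # long form: n further length octets
    if n == 0:
        raise ValueError("indefinite length is not valid DER")
    if n > MAX_LEN_OCTETS:
        raise ValueError(f"lengthTag={n}, too big")
    if len(data) < 2 + n:
        raise ValueError("truncated: length octets missing")
    return tag, int.from_bytes(data[2:2 + n], "big"), 2 + n

def diagnose_pkcs12(data):
    """Classify a candidate keystore file by its outer structure."""
    if data.lstrip().startswith(PEM_PREFIX):
        return "pem: text-armoured, not binary PKCS#12"
    try:
        tag, length, hdr = der_header(data)
    except ValueError as exc:
        return f"bad-der: {exc}"
    if tag != 0x30:
        return f"bad-der: outer tag 0x{tag:02x}, expected SEQUENCE (0x30)"
    if hdr + length > len(data):
        return "truncated: outer SEQUENCE longer than file"
    if data[hdr:hdr + 3] != b"\x02\x01\x03":   # PFX version INTEGER 3
        return "not-pfx: missing version INTEGER 3"
    return "ok: outer PFX header is well-formed"

# Constructed inputs (not taken from the poster's keystore file).
SAMPLES = {
    "valid_header": b"\x30\x05\x02\x01\x03\x30\x00",
    "length_octet_e9": b"\x30\xe9" + b"\x00" * 16,
    "pem_text": b"-----BEGIN CERTIFICATE-----\n",
    "cut_short": b"\x30\x82\x10\x00\x02\x01\x03",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:16} {diagnose_pkcs12(blob)}")
```

A file that passes this check can still fail to load for other reasons, such as the signer-certificate limitation Bill Barker describes in the quoted reply.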