tomcat-users mailing list archives

From Balakrishna Kudaravalli <bkuda...@cisco.com>
Subject Re: Tomcat 4.1.24 enable SSL
Date Mon, 28 Apr 2003 15:34:14 GMT
Hi Bill,

Thanks for your reply. I followed your instructions on setting up pkcs12 
keystore (contains server & CA certs) attributes. After the changes, Tomcat 
4.1.24 does not start up. I get the following error in my logs. I would 
appreciate it if anyone could let me know why I am getting the following error:

INFO: Initializing Coyote HTTP/1.1 on port 4040
Apr 28, 2003 8:28:40 AM org.apache.coyote.http11.Http11Protocol init
SEVERE: Error initializing endpoint
java.io.IOException: DerInputStream.getLength(): lengthTag=105, too big.
         at sun.security.util.DerInputStream.getLength(DerInputStream.java:502)
         at sun.security.util.DerValue.init(DerValue.java:333)
         at sun.security.util.DerValue.<init>(DerValue.java:289)
         at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(DashoA6275)
         at java.security.KeyStore.load(KeyStore.java:652)
         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.initKeyStore(JSSESocketFactory.java:271)
         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.initProxy(JSSESocketFactory.java:193)
         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:127)
         at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:275)
         at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:150)
         at org.apache.coyote.tomcat4.CoyoteConnector.initialize(CoyoteConnector.java:1117)
         at org.apache.catalina.core.StandardService.initialize(StandardService.java:579)
         at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2246)
         at org.apache.catalina.startup.Catalina.start(Catalina.java:511)
         at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
         at org.apache.catalina.startup.Catalina.process(Catalina.java:180)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:324)
         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
Catalina.start: LifecycleException:  Protocol handler initialization failed: java.io.IOException: DerInputStream.getLength(): lengthTag=105, too big.
LifecycleException:  Protocol handler initialization failed: java.io.IOException: DerInputStream.getLength(): lengthTag=105, too big.
         at org.apache.coyote.tomcat4.CoyoteConnector.initialize(CoyoteConnector.java:1119)
         at org.apache.catalina.core.StandardService.initialize(StandardService.java:579)
         at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:2246)
         at org.apache.catalina.startup.Catalina.start(Catalina.java:511)
         at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
         at org.apache.catalina.startup.Catalina.process(Catalina.java:180)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:324)
         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
Catalina.stop: LifecycleException:  This server has not yet been started
LifecycleException:  This server has not yet been started
         at org.apache.catalina.core.StandardServer.stop(StandardServer.java:2213)
         at org.apache.catalina.startup.Catalina.start(Catalina.java:543)
         at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
         at org.apache.catalina.startup.Catalina.process(Catalina.java:180)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:324)
         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)

Thank you,
-Bala


At 09:56 PM 4/24/2003 -0700, Bill Barker wrote:
>The pkcs12 file *is* your keystore.  On the <Factory> tag in server.xml, set
>the keystoreFile attribute to point to your pkcs12 file, and set the
>keystoreType="pkcs12" attribute as well.
>
>At least with Sun's implementation, the pkcs12 keystore support is limited.
>It works fine for me if I just have the server-cert in the pkcs12 file.  If
>I include the signers in an OpenSSL pkcs12 file, it has problems.  The
>obvious work-around is to import the signers into the cacerts, and strip
>them from the pkcs12 file.
>
>"Balakrishna Kudaravalli" <bkudarav@cisco.com> wrote in message
>news:4.3.2.7.2.20030424120548.02577b70@wells.cisco.com...
> > Hi All,
> >
> > I am re-posting this mail. Could anyone please help me.
> >
> > Thanks,
> > -Bala
> >
> >
> > Hi Mark,
> >
> > Could you please let me know the command I need to use to import a pkcs12
> > server cert into a keystore (assuming I need to create a new keystore). Do
> > I need to have only a server cert in the keystore or both server & CA certs
> > to enable SSL on Tomcat.
> >
> > Thanks for all your help.
> >
> > Regards,
> > -Bala
> >
> >
> > At 07:03 AM 4/24/2003 -0400, you wrote:
> > >you should be able to use PKCS12.  Just change the keystore type from JKS
> > >(default) to PKCS12.
> > >
> > >Balakrishna Kudaravalli wrote:
> > >
> > >>Hi All,
> > >>
> > >>Issue: Enabling SSL for Tomcat 4.1.24
> > >>
> > >>1. I have created a cert using keytool -genkey -alias tomcat -keyalg
> > >>RSA  and have given a password "changeit" (default)
> > >>2. Uncommented SSL coyote HTTP/1.1 connector in server.xml. Since the
> > >>Keystore is at a default loc, I have not given a keystoreFile attribute
> > >>3. On starting up Tomcat, HTTPS works fine
> > >>
> > >>Issue:
> > >>4. Now, I need to replace the default cert with the certs provided by our
> > >>internal folks. How do I do that? The certs provided to me are in pkcs 12
> > >>format:
> > >>
> > >>5. Should I convert the pkcs12 certs into x509 ?
> > >>
> > >>6. What certs should I import into the keystore (server, client, ca) ?
> > >>
> > >>Your help would be greatly appreciated.
> > >>
> > >>Thank you,
> > >>-Bala
> > >>
> > >
> > >
> > >
> > >---------------------------------------------------------------------
> > >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
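A structural check related to the `lengthTag=105, too big` error in the trace above, added here as an illustration and not code from this thread or from Tomcat. In DER, a length byte with the high bit set carries in its low 7 bits the number of length bytes that follow; the sketch assumes the Java parser rejects counts above 4 with that wording. `der_length`, `classify_keystore` and the sample bytes are hypothetical names and constructed data.

```python
# Added example; helper names and sample bytes are constructed for illustration.
PEM_PREFIX = b"-----BEGIN"
JKS_MAGIC = bytes.fromhex("feedfeed")   # magic number at the start of a JKS file


def der_length(data, offset=1):
    """Decode the DER/BER length field at data[offset].

    Returns (length, index_of_first_content_byte); length is None for the
    BER indefinite form. Raises ValueError with the 'lengthTag' wording
    when the long form claims more than 4 length bytes.
    """
    first = data[offset]
    if first & 0x80 == 0:                # short form: the byte is the length
        return first, offset + 1
    count = first & 0x7F                 # long form: low 7 bits = byte count
    if count == 0:
        return None, offset + 1          # indefinite length (BER only)
    if count > 4:
        raise ValueError(f"lengthTag={count}, too big")
    body = data[offset + 1:offset + 1 + count]
    if len(body) < count:
        raise ValueError("truncated length field")
    return int.from_bytes(body, "big"), offset + 1 + count


def classify_keystore(head, file_size):
    """Describe what the leading bytes of a keystore file look like."""
    if head.lstrip().startswith(PEM_PREFIX):
        return "PEM text, not binary PKCS#12"
    if head[:4] == JKS_MAGIC:
        return "JKS keystore, not PKCS#12"
    if len(head) < 2:
        return "too short to be a keystore"
    try:
        length, start = der_length(head)
    except ValueError as exc:
        return f"not DER: {exc}"
    if head[0] != 0x30:
        return "not PKCS#12: outer tag is not SEQUENCE"
    if length is not None and start + length != file_size:
        return "SEQUENCE length does not match file size"
    if head[start:start + 3] != b"\x02\x01\x03":
        return "SEQUENCE without the PKCS#12 version 3 field"
    return "looks like PKCS#12"


if __name__ == "__main__":
    sample = bytes.fromhex("30e9") + b"\x00" * 14   # constructed bytes
    print(classify_keystore(sample, len(sample)))
```

Pass it the first 16 or so bytes of the file named in `keystoreFile` together with the file's size; it only inspects the outer header and never needs the keystore password.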

