tomcat-users mailing list archives

From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: SSL setup for tomcat 7.0.10 using a CA cert
Date Sun, 08 May 2011 15:08:23 GMT
> From: chip chipper [mailto:chipper7757@hotmail.com] 
> Subject: FW: SSL setup for tomcat 7.0.10 using a CA cert

> May 7, 2011 9:19:09 PM org.apache.catalina.startup.SetAllPropertiesRule begin
> WARNING:
>  [SetAllPropertiesRule]{Server/Service/Connector} Setting property 
> 'maxSpareThreads' to '75' did not find a matching property.

Read the Tomcat 7 doc - there is no maxSpareThreads attribute for a <Connector>.

> May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
> WARNING:
>  [SetPropertiesRule]{Server/Service/Engine/Host} Setting property 
> 'liveDeploy' to 'false' did not find a matching property.

Ditto for liveDeploy on a <Host>.

> May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
> WARNING:
>  [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting 
> property 'debug' to '1' did not find a matching property.

Ditto for debug on a <Context>.

Looks like you have grabbed an ancient server.xml and tried to use it with Tomcat 7 - you
simply can't do that.  Read the Tomcat 7 configuration guide and set what you need properly.

> May 7, 2011 9:19:10 PM org.apache.coyote.AbstractProtocolHandler init
> SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"]
> java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.

> My understanding of this is that there is an ASN.1 encoding error.
> The length is bigger than expected.

Can you examine the certificates using keytool and see what it thinks of them?

> keytool ... -keystore mykeystore
>
> openssl ... -out keystore.tomcat
>
> keytool ... -keystore tomcat.keystore

I count three different keystore names here; which are we to believe?

> <Connector protocol="org.apache.coyote.http11.Http11Protocol"
>            port="8443" maxThreads="200"
>            scheme="https" secure="true" SSLEnabled="true"
>            keystoreFile="C:/cert/my.keystore" keystorePass="changeit"
>            clientAuth="false" sslProtocol="TLS"/>

And a fourth keystore name here.

Also, what you have above does not correspond with the maxSpareThreads error message displayed
in the log.  Either you're confusing everyone by reporting one set of log entries along with
an unrelated config, or you're not running the config you think you are.  It would be useful
if you posted your entire server.xml file, with comments removed.

> <Listener className="org.apache.catalina.core.AprLifecycleListener"
>           SSLEngine="off" />

You can't run APR with JSSE handling the SSL negotiation, so turning SSLEngine off is not
useful.  Besides, you don't appear to have the tcnative-1.dll installed, and you've forced
use of the BIO connector, so changing the AprLifecycleListener is ineffective.

 - Chuck
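
An added example, not part of the original message or of Tomcat's code: the second byte of a JKS keystore's magic number, read as a DER length octet, yields exactly the `lengthTag=109` in the log above, so checking each keystore file's leading bytes shows which container format it really is. The sample headers are constructed, and the four-octet length limit is an assumption about the JDK's DER reader.

```python
# Constructed sample headers (first bytes only), not taken from the thread.
JKS_HEAD = bytes.fromhex("feedfeed0000000200000001")
JCEKS_HEAD = bytes.fromhex("cececece0000000200000001")
PKCS12_HEAD = bytes.fromhex("30820a1c020103")
PEM_HEAD = b"-----BEGIN CERTIFICATE-----"

MAX_LEN_OCTETS = 4  # assumption: limit enforced by the JDK's DER reader


def sniff_container(head: bytes) -> str:
    """Classify a keystore or certificate file by its first bytes."""
    if head.startswith(bytes.fromhex("feedfeed")):
        return "JKS"
    if head.startswith(bytes.fromhex("cececece")):
        return "JCEKS"
    if head.startswith(b"-----BEGIN"):
        return "PEM"
    if head[:1] == b"\x30":
        return "DER"  # outer ASN.1 SEQUENCE: PKCS#12 or a DER certificate
    return "unknown"


def der_length(head: bytes) -> int:
    """Decode the DER length octets that follow the one-byte tag."""
    first = head[1]
    if first < 0x80:              # short form: the octet is the length
        return first
    n = first & 0x7F              # long form: number of length octets
    if n == 0:
        raise ValueError("indefinite length")
    if n > MAX_LEN_OCTETS:
        raise ValueError(f"lengthTag={n}, too big.")
    if len(head) < 2 + n:
        raise ValueError("truncated header")
    return int.from_bytes(head[2:2 + n], "big")


def diagnose(head: bytes):
    """Return (container format, outcome of reading the header as DER)."""
    kind = sniff_container(head)
    try:
        return kind, f"DER length {der_length(head)}"
    except ValueError as exc:
        return kind, str(exc)


if __name__ == "__main__":
    for head in (JKS_HEAD, JCEKS_HEAD, PKCS12_HEAD, PEM_HEAD):
        print(diagnose(head))
```

To check a real file, pass `open(path, "rb").read(16)` to `diagnose` for each of the keystore files named in the thread.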

