tomcat-users mailing list archives

From chip chipper <chipper7...@hotmail.com>
Subject RE: SSL setup for tomcat 7.0.10 using a CA cert
Date Sun, 08 May 2011 22:54:38 GMT

Chuck

The tomcat keystore was the wrong file.  Thanks for the hint.  I had a tomcat.keystore and
a keystore.tomcat.
Better naming would have avoided the embarrassment of using a user-group.

Thanks for the assistance and your time

Chip

> From: Chuck.Caldarale@unisys.com
> To: users@tomcat.apache.org
> Date: Sun, 8 May 2011 10:08:23 -0500
> Subject: RE: SSL setup for tomcat 7.0.10 using a CA cert
> 
> > From: chip chipper [mailto:chipper7757@hotmail.com] 
> > Subject: FW: SSL setup for tomcat 7.0.10 using a CA cert
> 
> > May 7, 2011 9:19:09 PM org.apache.catalina.startup.SetAllPropertiesRule begin
> > WARNING:
> >  [SetAllPropertiesRule]{Server/Service/Connector} Setting property 
> > 'maxSpareThreads' to '75' did not find a matching property.
> 
> Read the Tomcat 7 doc - there is no maxSpareThreads attribute for a <Connector>.
> 
> > May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
> > WARNING:
> >  [SetPropertiesRule]{Server/Service/Engine/Host} Setting property 
> > 'liveDeploy' to 'false' did not find a matching property.
> 
> Ditto for liveDeploy on a <Host>.
> 
> > May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
> > WARNING:
> >  [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting 
> > property 'debug' to '1' did not find a matching property.
> 
> Ditto for debug on a <Context>.
> 
> Looks like you have grabbed an ancient server.xml and tried to use it with Tomcat 7 -
> you simply can't do that.  Read the Tomcat 7 configuration guide and set what you need properly.
> 
> > May 7, 2011 9:19:10 PM org.apache.coyote.AbstractProtocolHandler init
> > SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"]
> > java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
> 
> > My understanding of this is that there is an ASN.1 encoding error.
> > The length is bigger than expected.
> 
> Can you examine the certificates using keytool and see what it thinks of them?
> 
> > keytool ... -keystore mykeystore
> >
> > openssl ... -out keystore.tomcat
> >
> > keytool ... -keystore tomcat.keystore
> 
> I count three different keystore names here; which are we to believe?
> 
> > <Connector protocol="org.apache.coyote.http11.Http11Protocol"
> >            port="8443" maxThreads="200"
> >            scheme="https" secure="true" SSLEnabled="true"
> >            keystoreFile="C:/cert/my.keystore" keystorePass="changeit"
> >            clientAuth="false" sslProtocol="TLS"/>
> 
> And a fourth keystore name here.
> 
> Also, what you have above does not correspond with the maxSpareThreads error message
> displayed in the log.  Either you're confusing everyone by reporting one set of log entries
> along with an unrelated config, or you're not running the config you think you are.  It would
> be useful if you posted your entire server.xml file, with comments removed.
> 
> > <Listener className="org.apache.catalina.core.AprLifecycleListener"
> >           SSLEngine="off" />
> 
> You can't run APR with JSSE handling the SSL negotiation, so turning SSLEngine off is
> not useful.  Besides, you don't appear to have the tcnative-1.dll installed, and you've forced
> use of the BIO connector, so changing the AprLifecycleListener is ineffective.
> 
>  - Chuck
> 
> 
> 
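An added example, not part of the original messages: a Python check that reads each `<Connector>` in a server.xml and compares its declared `keystoreType` with the format found in the first bytes of its `keystoreFile`, which catches a mix-up between similarly named keystore files before Tomcat starts. It also shows how a DER reader arrives at a length tag of 109 when the second byte it reads is 0xED, as in a JKS header. The file contents, the ports 8444 and 8445, and the helper names are constructed for illustration.

```python
import os, tempfile
import xml.etree.ElementTree as ET

# Leading bytes of the container formats a keystoreFile is likely to be.
MAGIC = [(b"\xfe\xed\xfe\xed", "JKS"), (b"\xce\xce\xce\xce", "JCEKS"),
         (b"-----BEGIN", "PEM"), (b"\x30", "PKCS12")]  # 0x30 = DER SEQUENCE

def sniff_format(path):
    """Guess the on-disk format from the first bytes of the file."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    return next((name for magic, name in MAGIC if head.startswith(magic)), "UNKNOWN")

def der_length_tag(head):
    """Return the long-form length count a DER reader sees in byte 2, or None
    for short form. Java's DerInputStream rejects counts above 4."""
    return head[1] & 0x7F if head[1] & 0x80 else None

def audit_connectors(server_xml):
    """List (keystoreFile, declared type, format found on disk) per Connector."""
    findings = []
    for conn in ET.parse(server_xml).getroot().iter("Connector"):
        path = conn.get("keystoreFile")
        if path is None:
            continue  # no explicit keystoreFile on this connector
        declared = conn.get("keystoreType", "JKS").upper()  # Tomcat default is JKS
        found = sniff_format(path) if os.path.isfile(path) else "MISSING"
        findings.append((os.path.basename(path), declared, found))
    return findings

def demo():
    """Constructed sample: two similarly named files and one missing file."""
    d = tempfile.mkdtemp()
    files = {"tomcat.keystore": b"\xfe\xed\xfe\xed\x00\x00\x00\x02",  # JKS header
             "keystore.tomcat": b"\x30\x82\x09\x2a\x02\x01\x03"}      # PKCS#12 header
    for name, data in files.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    xml = ('<Server><Service>'
           '<Connector port="8443" keystoreFile="%s/tomcat.keystore" keystoreType="PKCS12"/>'
           '<Connector port="8444" keystoreFile="%s/keystore.tomcat"/>'
           '<Connector port="8445" keystoreFile="%s/my.keystore"/>'
           '</Service></Server>') % (d, d, d)
    path = os.path.join(d, "server.xml")
    with open(path, "w") as fh:
        fh.write(xml)
    return audit_connectors(path)

if __name__ == "__main__":
    for name, declared, found in demo():
        print("%-16s declared=%-7s found=%-7s %s" % (
            name, declared, found, "ok" if declared == found else "MISMATCH"))
```

Against a real installation, call `audit_connectors` with the path of the server.xml the running instance actually loads, then confirm the result with `keytool -list` on the file it names.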
 		 	   		  