tomcat-users mailing list archives

From chip chipper <chipper7...@hotmail.com>
Subject FW: SSL setup for tomcat 7.0.10 using a CA cert
Date Sun, 08 May 2011 12:09:12 GMT


I have been trying to install a certificate on Tomcat 7.0.10 on a 64-bit Windows 2008 server
and am getting this error.

Error Message
DerInputStream.getLength(): lengthTag=109, too big.

2011-05-07 21:19:08 Commons Daemon procrun stderr initialized
May 7, 2011 9:19:09 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: D:\Tomcat 7.0\bin;.;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;D:\apache-ant-1.8.2\bin\;C:\Program Files\Java\jdk1.6.0_25\bin\;C:\OpenSSL-Win32\bin\
May 7, 2011 9:19:09 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxSpareThreads' to '75' did not find a matching property.
May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host} Setting property 'liveDeploy' to 'false' did not find a matching property.
May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'debug' to '1' did not find a matching property.
May 7, 2011 9:19:10 PM org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
May 7, 2011 9:19:10 PM org.apache.coyote.AbstractProtocolHandler init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"]
java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
    at sun.security.util.DerInputStream.getLength(Unknown Source)
    at sun.security.util.DerValue.init(Unknown Source)
    at sun.security.util.DerValue.<init>(Unknown Source)
    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
    at java.security.KeyStore.load(Unknown Source)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:409)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:308)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:561)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:507)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:451)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:159)
    at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:365)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
    at org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
    at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
May 7, 2011 9:19:10 PM org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:912)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
    at sun.security.util.DerInputStream.getLength(Unknown Source)
    at sun.security.util.DerValue.init(Unknown Source)
    at sun.security.util.DerValue.<init>(Unknown Source)
    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
    at java.security.KeyStore.load(Unknown Source)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:409)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:308)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:561)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:507)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:451)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:159)
    at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:365)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
    at org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
    at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
    ... 13 more

My understanding of this is that there is an ASN.1 encoding error. The length is bigger than
expected.
How should I proceed from here?
Any help would be appreciated.

I have tried the 2 means specified by the certificate provider.

keytool -genkey -alias tomcat -keyalg RSA -keystore mykeystore
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore mykeystore

I had it authorized by the CA,

then performed the following methods:

Trial 1:

openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in mysite.crt -inkey privateKey.pem -out keystore.tomcat -name tomcat -passout pass:changeit



Trial 2:

keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file valicert_class2_root.crt
First intermediate (gd_cross_intermediate.crt):

keytool -import -alias cross -keystore tomcat.keystore -trustcacerts -file gd_cross_intermediate.crt
Second intermediate (gd_intermediate.crt):

keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_intermediate.crt

keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file mysite.crt



I changed the server.xml to have the following:

<Connector protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="C:/cert/my.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>

<Listener className="org.apache.catalina.core.AprLifecycleListener"
          SSLEngine="off" />


Thanks
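
Added example, not part of the original message: a JKS keystore begins with the bytes FE ED FE ED, and a DER parser that reads the second byte 0xED as a long-form length gets 0xED & 0x7F = 109, the number in the error above. The sketch below identifies a keystore container from its leading bytes and reproduces that length check; the function names are hypothetical, the sample bytes are constructed, and the "at most 4 length bytes" rule is an assumption modelled on the JDK parser.

```python
JKS_MAGIC = bytes.fromhex("feedfeed")    # first four bytes of a Sun JKS keystore
JCEKS_MAGIC = bytes.fromhex("cececece")  # first four bytes of a JCEKS keystore


def der_length_error(data):
    """Return N if a DER parser would fail with 'lengthTag=N, too big', else None.

    Assumed rule, modelled on the JDK check: a long-form length octet may
    announce at most 4 following length bytes.
    """
    if len(data) < 2:
        return None
    octet = data[1]              # data[0] is the tag, data[1] begins the length
    if octet & 0x80 == 0:        # short form: the octet itself is the length
        return None
    count = octet & 0x7F         # long form: how many length bytes follow
    return count if count > 4 else None


def sniff_keystore(data):
    """Best-effort guess of the container type from the leading bytes."""
    if data.startswith(JKS_MAGIC):
        return "JKS"
    if data.startswith(JCEKS_MAGIC):
        return "JCEKS"
    if data.lstrip().startswith(b"-----BEGIN"):
        return "PEM"
    if data[:1] == b"\x30" and der_length_error(data) is None:
        return "PKCS12"          # DER SEQUENCE (a DER certificate starts the same way)
    return "unknown"


def diagnose(data, configured_type):
    """Compare the detected container with the type the server is told to load."""
    actual = sniff_keystore(data)
    if actual == configured_type.upper():
        return f"{actual}: matches configured type"
    n = der_length_error(data)
    hint = f"; a DER parser would report lengthTag={n}" if n is not None else ""
    return f"file is {actual}, configured as {configured_type}{hint}"


# Constructed sample headers, not taken from the poster's files.
SAMPLE_JKS = JKS_MAGIC + bytes([0, 0, 0, 2, 0, 0, 0, 1])
SAMPLE_P12 = bytes.fromhex("308209f1020103")

if __name__ == "__main__":
    print(diagnose(SAMPLE_JKS, "PKCS12"))   # mismatch, lengthTag=109
    print(diagnose(SAMPLE_P12, "PKCS12"))   # match
```

To check a real file, pass the first few dozen bytes read in binary mode to `diagnose` together with the keystore type the connector is configured to load.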


 		 	   		  