tomcat-users mailing list archives

From Martin Gainty <mgai...@hotmail.com>
Subject RE: SSL setup for tomcat 7.0.10 using a CA cert
Date Sun, 08 May 2011 13:48:54 GMT

Chip-
take all the 32bit folders off the PATH
best to SET CLASSPATH=

download the 64bit windoze version of Tomcat7 from
http://tomcat.apache.org/download-70.cgi

reconfigure and let us know if there are any further issues

Martin Gainty 

> From: chipper7757@hotmail.com
> To: users@tomcat.apache.org
> Subject: FW: SSL setup for tomcat 7.0.10 using a CA cert
> Date: Sun, 8 May 2011 08:09:12 -0400
> 
> 
> 
> I have been trying to install a certificate on a Tomcat 7.0.10 on a Windows 64 bit 2008 server and getting this error.
> 
> Error Message
> DerInputStream.getLength(): lengthTag=109, too big.
> 
> 2011-05-07 21:19:08 Commons Daemon procrun stderr initialized
> May 7, 2011 9:19:09 PM org.apache.catalina.core.AprLifecycleListener init
> INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: D:\Tomcat 7.0\bin;.;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;D:\apache-ant-1.8.2\bin\;C:\Program Files\Java\jdk1.6.0_25\bin\;C:\OpenSSL-Win32\bin\
> May 7, 2011 9:19:09 PM org.apache.catalina.startup.SetAllPropertiesRule begin
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxSpareThreads' to '75' did not find a matching property.
> May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
> WARNING: [SetPropertiesRule]{Server/Service/Engine/Host} Setting property 'liveDeploy' to 'false' did not find a matching property.
> May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
> WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'debug' to '1' did not find a matching property.
> May 7, 2011 9:19:10 PM org.apache.coyote.AbstractProtocolHandler init
> INFO: Initializing ProtocolHandler ["http-bio-8443"]
> May 7, 2011 9:19:10 PM org.apache.coyote.AbstractProtocolHandler init
> SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"]
> java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
>     at sun.security.util.DerInputStream.getLength(Unknown Source)
>     at sun.security.util.DerValue.init(Unknown Source)
>     at sun.security.util.DerValue.<init>(Unknown Source)
>     at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
>     at java.security.KeyStore.load(Unknown Source)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:409)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:308)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:561)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:507)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:451)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:159)
>     at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:365)
>     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
>     at org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
>     at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
>     at org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
>     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
>     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>     at java.lang.reflect.Method.invoke(Unknown Source)
>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
> May 7, 2011 9:19:10 PM org.apache.catalina.core.StandardService initInternal
> SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
> org.apache.catalina.LifecycleException: Protocol handler initialization failed
>     at org.apache.catalina.connector.Connector.initInternal(Connector.java:912)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
>     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
>     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>     at java.lang.reflect.Method.invoke(Unknown Source)
>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
> Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
>     at sun.security.util.DerInputStream.getLength(Unknown Source)
>     at sun.security.util.DerValue.init(Unknown Source)
>     at sun.security.util.DerValue.<init>(Unknown Source)
>     at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
>     at java.security.KeyStore.load(Unknown Source)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:409)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:308)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:561)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:507)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:451)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:159)
>     at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:365)
>     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
>     at org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
>     at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
>     at org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
>     ... 13 more
> 
> My understanding of this is that there is an ASN.1 encoding error.  The length is bigger than expected.
> How should I proceed from here?
> Any help would be appreciated
> 
> I have tried the 2 means specified by the certificate provider.
> 
> keytool -genkey -alias tomcat -keyalg RSA -keystore mykeystore
> keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore mykeystore
> 
> I have it authorized by the CA
> 
> then performed the following methods:
> 
> Trial 1:
> 
> openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in mysite.crt -inkey privateKey.pem -out keystore.tomcat -name tomcat -passout pass:changeit
> 
> 
> 
> Trial 2:
> 
> keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file valicert_class2_root.crt
> First intermediate (gd_cross_intermediate.crt):
> 
> keytool -import -alias cross -keystore tomcat.keystore -trustcacerts -file gd_cross_intermediate.crt
> Second intermediate (gd_intermediate.crt):
> 
> keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_intermediate.crt
> keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file mysite.crt
> 
> 
> 
> I changed the server.xml to have the following:
> 
> <Connector protocol="org.apache.coyote.http11.Http11Protocol"
>            port="8443" maxThreads="200"
>            scheme="https" secure="true" SSLEnabled="true"
>            keystoreFile="C:/cert/my.keystore" keystorePass="changeit"
>            clientAuth="false" sslProtocol="TLS"/>
> 
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
>           SSLEngine="off" />
> 
> 
> Thanks
> 
> 
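The `lengthTag=109` in the quoted trace can be derived from a file header alone: a JKS keystore begins with the magic bytes FE ED FE ED, and a DER parser such as the one behind `PKCS12KeyStore.engineLoad` reads the second byte, 0xED, as a long-form length octet with 0xED & 0x7F = 109 length bytes, which exceeds the 4 it accepts. The sketch below is an added example, not code from the thread or from Tomcat; the function names are hypothetical and the sample headers are constructed.

```python
"""Classify a keystore file by its first bytes (added example)."""
import sys

JKS_MAGIC = bytes.fromhex("feedfeed")    # written by keytool for JKS stores
JCEKS_MAGIC = bytes.fromhex("cececece")

def der_length_octet(header: bytes):
    """How a DER parser interprets byte 1, the length octet after the tag."""
    if len(header) < 2:
        return ("truncated", None)
    octet = header[1]
    if octet & 0x80 == 0:
        return ("short", octet)          # the octet is the length itself
    count = octet & 0x7F                 # long form: count of length bytes
    if count == 0:
        return ("indefinite", 0)
    if count > 4:
        return ("too big", count)        # the case reported as lengthTag=N
    return ("long", count)

def sniff_keystore(header: bytes) -> str:
    if header.startswith(JKS_MAGIC):
        return "JKS"
    if header.startswith(JCEKS_MAGIC):
        return "JCEKS"
    if header.lstrip().startswith(b"-----BEGIN"):
        return "PEM"
    # PKCS#12 is a DER/BER SEQUENCE: tag 0x30 followed by a usable length
    if header[:1] == b"\x30" and der_length_octet(header)[0] in ("short", "long", "indefinite"):
        return "PKCS12"
    return "unknown"

def connector_keystore_type(header: bytes):
    """keystoreType value matching the file, or None if it is not a keystore."""
    kind = sniff_keystore(header)
    return kind if kind in ("JKS", "JCEKS", "PKCS12") else None

# Constructed sample headers, not taken from the thread's files
SAMPLES = {
    "jks": bytes.fromhex("feedfeed0000000200000001"),
    "p12": bytes.fromhex("30820a3b020103"),
    "pem": b"-----BEGIN CERTIFICATE-----\n",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            SAMPLES = {sys.argv[1]: fh.read(16)}
    for name, head in SAMPLES.items():
        print(name, sniff_keystore(head), der_length_octet(head),
              "keystoreType =", connector_keystore_type(head))
```

A leading 0x30 only shows that the file is DER, so a DER-encoded certificate is also reported as PKCS12; `keytool -list` with the matching `-storetype` confirms whether the file actually holds a private key entry.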