Personally I guess your problem is similar to this one: http://www.codecomments.com/archive253-2004-4-173117.html
Perhaps you have to install a new version of the sun java security policy? Or use OpenJDK instead?

Regards,
Shi Yusen/Beijing Langhua Ltd.

On Mon, 2008-12-01 at 18:36 +0100, jehan procaccia wrote:
> Hello,
> we are running our own (self-signed) PKI with a 3 level hierarchy
> (itrootCA -> itCA -> tmspCA -> cas-server), and I have a problem
> configuring tomcat to load that CA-chain. When tomcat starts it generates
> a SEVERE error:
>
> SEVERE: Error initializing endpoint
> java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
>
> I load the cas server certificate on the 8443 connector
> <Connector port="8443" maxHttpHeaderSize="8192"
> keystoreFile="/etc/tomcat5/cas1_tmsp_openssl.p12"
> keystorePass="secret" keystoreType="pkcs12" />
>
> and I load the CA-chain from the CATALINA_OPTS env variable:
>
> CATALINA_OPTS="-Djavax.net.ssl.trustStore=/etc/tomcat5/ca-chain-IT-tmspca-itca-itrootca.keystore
> -Djavax.net.ssl.trustStorePassword=secret"
>
> The ca-chain keystore does contain the 3 level CA hierarchy:
>
> [EMAIL PROTECTED] /etc/tomcat5]
> $ keytool -list -v -keystore ./ca-chain-IT-tmspca-itca-itrootca.keystore | grep Owner
> Enter keystore password: secret
> Owner: C=fr, O=Institut TELECOM, OU=Institut TELECOM, CN=Institut TELECOM class2 Certificate Authority
> Owner: C=fr, O=Institut TELECOM, CN=Institut TELECOM Root class1 Certificate Authority
> Owner: C=fr, O=TELECOM & Management SudParis, OU=TELECOM & Management SudParis, CN=TELECOM & Management SudParis class3 Certificate Authority
>
> I googled that error "...too big.." and saw remarks about DER vs PEM
> format, so here's how I created the above keystore
> [EMAIL PROTECTED] /etc/tomcat5]
> $ keytool -import -keystore ca-chain-IT-tmspca-itca-itrootca.keystore -file /etc/pki/tls/certs/itrootca.crt -alias IT_CA_class1
> and the same with the 2 other levels
>
> Why is tomcat complaining about
>
> java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
>
> Is my certificate chain too long!? Or in a bad format? How can I check
> that?
> Thanks.
>
> PS:
> I run java-1.6.0-sun-1.6.0.01-1.el5 and tomcat5-5.5.23-0jpp.7.el5_2.1
> here's tomcat catalina.out full logs at startup:
>
> Using CATALINA_BASE: /usr/share/tomcat5
> Using CATALINA_HOME: /usr/share/tomcat5
> Using CATALINA_TMPDIR: /usr/share/tomcat5/temp
> Using JRE_HOME:
> Dec 1, 2008 6:10:52 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
> INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/java-1.6.0-sun-1.6.0.01/jre/lib/i386/client:/usr/lib/jvm/java-1.6.0-sun-1.6.0.01/jre/lib/i386:/usr/lib/jvm/java-1.6.0-sun-1.6.0.01/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib
> Dec 1, 2008 6:10:53 PM org.apache.coyote.http11.Http11BaseProtocol init
> INFO: Initializing Coyote HTTP/1.1 on http-8080
> Dec 1, 2008 6:10:53 PM org.apache.coyote.http11.Http11BaseProtocol init
> SEVERE: Error initializing endpoint
> java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
> at sun.security.util.DerInputStream.getLength(DerInputStream.java:544)
> at sun.security.util.DerValue.init(DerValue.java:346)
> at sun.security.util.DerValue.<init>(DerValue.java:302)
> at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1200)
> at java.security.KeyStore.load(KeyStore.java:1185)
> at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:287)
> at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustStore(JSSESocketFactory.java:261)
> at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getTrustManagers(JSSE14SocketFactory.java:175)
> at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:112)
> at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:89)
> at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:293)
> at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:139)
> at org.apache.catalina.connector.Connector.initialize(Connector.java:1017)
> at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
> at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
> Dec 1, 2008 6:10:53 PM org.apache.catalina.startup.Catalina load
> SEVERE: Catalina.start
> LifecycleException: Protocol handler initialization failed: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
> at org.apache.catalina.connector.Connector.initialize(Connector.java:1019)
> at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
> at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:782)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:267)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
> Dec 1, 2008 6:10:53 PM org.apache.catalina.startup.Catalina load
> INFO: Initialization processed in 763 ms
> Dec 1, 2008 6:10:53 PM org.apache.catalina.core.StandardService start
> INFO: Starting service Catalina
> Dec 1, 2008 6:10:53 PM org.apache.catalina.core.StandardEngine start
> INFO: Starting Servlet Engine: Apache Tomcat/5.5.23
> Dec 1, 2008 6:10:53 PM org.apache.catalina.core.StandardHost start
> INFO: XML validation disabled
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
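
An added example, not part of the original thread: the trace shows `PKCS12KeyStore.engineLoad` reached through `JSSESocketFactory.getTrustStore`, so the trust store is being parsed as PKCS#12, and a keytool-created JKS file begins with the magic bytes `FE ED FE ED`, whose second byte read as a DER length octet gives 0xED & 0x7F = 109. The Python sketch below checks a store file's leading bytes against the type it is loaded as; the function names and the `declared_type` parameter are hypothetical, and the length check is modelled on the error message, not copied from the JDK.

```python
import struct

# Leading bytes of the store formats involved (well-known magic numbers).
JKS_MAGIC = bytes.fromhex("feedfeed")    # Sun JKS keystore, as written by keytool
JCEKS_MAGIC = bytes.fromhex("cececece")  # JCEKS keystore

def der_length_error(head):
    """Return the lengthTag a DER reader would reject for these bytes, else None.

    Assumption modelled on the message in the trace: byte 0 is the tag, byte 1
    the length octet; in long form its low 7 bits count the length octets that
    follow, and a count above 4 is refused as "too big".
    """
    if len(head) < 2 or not head[1] & 0x80:
        return None          # short-form length: no lengthTag complaint
    count = head[1] & 0x7F
    return count if count > 4 else None

def classify(head):
    """Guess the on-disk format of a key/trust store from its first bytes."""
    if head.startswith(JKS_MAGIC):
        return "JKS"
    if head.startswith(JCEKS_MAGIC):
        return "JCEKS"
    if head.startswith(b"-----BEGIN"):
        return "PEM"
    if head[:1] == b"\x30" and der_length_error(head) is None:
        return "DER"         # ASN.1 SEQUENCE: PKCS#12 or a single DER certificate
    return "unknown"

def diagnose(path, declared_type):
    """Return (actual format, lengthTag reported if parsed as declared_type)."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    actual = classify(head)
    tag = der_length_error(head) if declared_type.lower() == "pkcs12" else None
    return actual, tag

if __name__ == "__main__":
    # Constructed sample: JKS header = magic, version 2, three entries.
    sample = JKS_MAGIC + struct.pack(">II", 2, 3)
    print(classify(sample), der_length_error(sample))   # JKS 109
```

A result of `("JKS", 109)` for the trust store means the file is fine but its declared type is not: either declare the trust store as JKS (Tomcat's connector has a `truststoreType` attribute for this) or convert the file to the type it is loaded as.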
