RE: SSL setup for tomcat 7.0.10 using a CA cert

2011-05-08 Thread Martin Gainty

Chip-
take all the 32bit folders off the PATH
best to SET CLASSPATH=

download the 64bit windoze version of Tomcat7 from
http://tomcat.apache.org/download-70.cgi

reconfigure and let us know if there are any further issues

Martin Gainty 

 From: chipper7...@hotmail.com
 To: users@tomcat.apache.org
 Subject: FW: SSL setup for tomcat 7.0.10 using a CA cert
 Date: Sun, 8 May 2011 08:09:12 -0400
 
 
 
 I have been trying to install a certificate on a Tomcat 7.0.10 on a Windows 
 64 bit 2008 server and am getting this error.
 
 Error Message
 DerInputStream.getLength(): lengthTag=109, too big.
 
 2011-05-07 21:19:08 Commons Daemon procrun stderr initialized
 May 7, 2011 9:19:09 PM org.apache.catalina.core.AprLifecycleListener init
 INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: D:\Tomcat 7.0\bin;.;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;D:\apache-ant-1.8.2\bin\;C:\Program Files\Java\jdk1.6.0_25\bin\;C:\OpenSSL-Win32\bin\
 May 7, 2011 9:19:09 PM org.apache.catalina.startup.SetAllPropertiesRule begin
 WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxSpareThreads' to '75' did not find a matching property.
 May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
 WARNING: [SetPropertiesRule]{Server/Service/Engine/Host} Setting property 'liveDeploy' to 'false' did not find a matching property.
 May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
 WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'debug' to '1' did not find a matching property.
 May 7, 2011 9:19:10 PM org.apache.coyote.AbstractProtocolHandler init
 INFO: Initializing ProtocolHandler [http-bio-8443]
 May 7, 2011 9:19:10 PM org.apache.coyote.AbstractProtocolHandler init
 SEVERE: Failed to initialize end point associated with ProtocolHandler [http-bio-8443]
 java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
     at sun.security.util.DerInputStream.getLength(Unknown Source)
     at sun.security.util.DerValue.init(Unknown Source)
     at sun.security.util.DerValue.init(Unknown Source)
     at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
     at java.security.KeyStore.load(Unknown Source)
     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:409)
     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:308)
     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:561)
     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:507)
     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:451)
     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:159)
     at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:365)
     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
     at org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
     at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
     at org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
 at 

RE: SSL setup for tomcat 7.0.10 using a CA cert

2011-05-08 Thread Caldarale, Charles R
 From: Martin Gainty [mailto:mgai...@hotmail.com] 
 Subject: RE: SSL setup for tomcat 7.0.10 using a CA cert

 take all the 32bit folders off the PATH
 best to SET CLASSPATH=

 download the 64bit windoze version of Tomcat7 from
 http://tomcat.apache.org/download-70.cgi

All of the above is completely irrelevant, as usual.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: SSL setup for tomcat 7.0.10 using a CA cert

2011-05-08 Thread Caldarale, Charles R
 From: chip chipper [mailto:chipper7...@hotmail.com] 
 Subject: FW: SSL setup for tomcat 7.0.10 using a CA cert

 May 7, 2011 9:19:09 PM org.apache.catalina.startup.SetAllPropertiesRule begin
 WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxSpareThreads' to '75' did not find a matching property.

Read the Tomcat 7 doc - there is no maxSpareThreads attribute for a Connector.

 May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
 WARNING: [SetPropertiesRule]{Server/Service/Engine/Host} Setting property 'liveDeploy' to 'false' did not find a matching property.

Ditto for liveDeploy on a Host.

 May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
 WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'debug' to '1' did not find a matching property.

Ditto for debug on a Context.

Looks like you have grabbed an ancient server.xml and tried to use it with 
Tomcat 7 - you simply can't do that.  Read the Tomcat 7 configuration guide and 
set what you need properly.

 May 7, 2011 9:19:10 PM org.apache.coyote.AbstractProtocolHandler init
 SEVERE: Failed to initialize end point associated with ProtocolHandler [http-bio-8443]
 java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.

 My understanding of this is that there is an ASN.1 encoding error.
 The length is bigger than expected.

Can you examine the certificates using keytool and see what it thinks of them?

 keytool ... -keystore mykeystore

 openssl ... -out keystore.tomcat

 keytool ... -keystore tomcat.keystore

I count three different keystore names here; which are we to believe?

 <Connector protocol="org.apache.coyote.http11.Http11Protocol"
            port="8443" maxThreads="200"
            scheme="https" secure="true" SSLEnabled="true"
            keystoreFile="C:/cert/my.keystore" keystorePass="changeit"
            clientAuth="false" sslProtocol="TLS"/>

And a fourth keystore name here.

Also, what you have above does not correspond with the maxSpareThreads error 
message displayed in the log.  Either you're confusing everyone by reporting 
one set of log entries along with an unrelated config, or you're not running 
the config you think you are.  It would be useful if you posted your entire 
server.xml file, with comments removed.

 <Listener className="org.apache.catalina.core.AprLifecycleListener"
           SSLEngine="off" />

You can't run APR with JSSE handling the SSL negotiation, so turning SSLEngine 
off is not useful.  Besides, you don't appear to have the tcnative-1.dll 
installed, and you've forced use of the BIO connector, so changing the 
AprLifecycleListener is ineffective.

 - Chuck





RE: SSL setup for tomcat 7.0.10 using a CA cert

2011-05-08 Thread chip chipper

Chuck

The tomcat keystore was the wrong file.  Thanks for the hint.  I had a 
tomcat.keystore and a keystore.tomcat.
Better naming would have avoided the embarrassment of using a user-group.

Thanks for the assistance and your time

Chip
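
Why a wrong keystore file can produce exactly the message in this thread, as an added example that is not part of any post here: Java's DER length decoder masks the second byte of the input with 0x7F, and the second byte of the JKS magic number 0xFEEDFEED is 0xED, which gives 109. The sample headers are constructed and the function names are hypothetical; the thread does not say what format the wrong file actually had.

```python
import sys

JKS_MAGIC = bytes.fromhex("feedfeed")      # Sun JKS keystore
JCEKS_MAGIC = bytes.fromhex("cececece")    # Sun JCEKS keystore


def sniff_keystore(header: bytes) -> str:
    """Guess the container format from the first bytes of a keystore file."""
    if header.startswith(JKS_MAGIC):
        return "JKS"
    if header.startswith(JCEKS_MAGIC):
        return "JCEKS"
    if header.lstrip().startswith(b"-----BEGIN"):
        return "PEM"
    if header[:1] == b"\x30":              # ASN.1 SEQUENCE tag
        return "DER (PKCS12 candidate)"
    return "unknown"


def der_length_check(header: bytes) -> str:
    """Apply DER length rules to byte 2, as a PKCS12 loader would."""
    if len(header) < 2:
        return "too short for a DER header"
    first = header[1]
    if first & 0x80 == 0:
        return f"short-form length {first}"
    count = first & 0x7F                   # how many length bytes follow
    if count == 0:
        return "indefinite length"
    if count > 4:
        return f"lengthTag={count}, too big"
    return f"long-form length {int.from_bytes(header[2:2 + count], 'big')}"


# Constructed sample headers, not taken from the thread.
SAMPLES = {
    "jks": bytes.fromhex("feedfeed0000000200000001"),
    "pkcs12": bytes.fromhex("30820a5b020103"),
    "pem": b"-----BEGIN CERTIFICATE-----\n",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:                  # inspect a real file instead
        with open(sys.argv[1], "rb") as fh:
            SAMPLES = {sys.argv[1]: fh.read(16)}
    for name, head in SAMPLES.items():
        print(f"{name}: {sniff_keystore(head)}; as DER: {der_length_check(head)}")
```

Run it with a keystore path as the only argument to inspect that file's first 16 bytes before pointing keystoreFile at it.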
