I am building a small PKI app which uses Apache and Tomcat. The app uses certificates with 2-way authentication. Apache provides the initial authentication, and Tomcat then needs to gain access to the client cert and log the request. I am getting the error below now that I have configured mod_jk to pass the client cert 'back' to Tomcat:
Mar 14, 2003 12:40:58 PM org.apache.jk.server.JkCoyoteHandler action
SEVERE: Certificate convertion failed
java.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInputStream.getLength(): lengthTag=62, too big.
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:289)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:94)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:389)
at org.apache.jk.server.JkCoyoteHandler.action(JkCoyoteHandler.java:395)
at org.apache.coyote.Response.action(Response.java:222)
at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:310)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:261)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:632)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:590)
at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:707)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:530)
at java.lang.Thread.run(Thread.java:536)
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=62, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:502)
at sun.security.util.DerInputStream.getLength(DerInputStream.java:476)
at sun.security.util.DerValue.<init>(DerValue.java:233)
at sun.security.util.DerInputStream.getDerValue(DerInputStream.java:358)
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1608)
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:286)
... 13 more
Apache seems OK (no error in error_log or catalina_log) and I seem to go through the authentication process OK. When I configure Apache/mod_jk not to pass the cert back to Tomcat all seems to go without a hitch... Can anyone shed some light on what is happening?
Ramsay
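
Added example, not part of the original message and not Tomcat or JDK code: a small Java check that reads the first octets of the certificate bytes the way a DER parser does, to show which kind of input yields a "lengthTag=N, too big" message. It assumes the JDK reports the low seven bits of the first length octet and accepts at most 4 length octets (as OpenJDK's DerInputStream does); the class name, method name and sample bytes are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;

/** Inspects the start of a buffer that is about to be parsed as an X.509 certificate. */
public class CertBytesCheck {

    private static final String PEM_HEADER = "-----BEGIN CERTIFICATE-----";

    /** Returns a short verdict on whether data begins like a DER-encoded certificate. */
    static String classify(byte[] data) {
        if (data.length < 2) return "too short to be a certificate";
        int n = Math.min(data.length, PEM_HEADER.length());
        String head = new String(data, 0, n, StandardCharsets.US_ASCII);
        if (head.equals(PEM_HEADER)) return "PEM text (base64 armour, not raw DER)";

        int tag = data[0] & 0xff;   // a certificate is an ASN.1 SEQUENCE: tag 0x30
        int len = data[1] & 0xff;   // first length octet
        if (tag != 0x30) return String.format("not a SEQUENCE (tag=0x%02x)", tag);
        if ((len & 0x80) == 0) return "DER, short-form length " + len;

        int count = len & 0x7f;     // long form: how many length octets follow
        if (count == 0) return "indefinite length (BER, not DER)";
        if (count > 4) return "lengthTag=" + count + ", too big";  // assumed JDK limit
        if (data.length < 2 + count) return "truncated length field";

        long value = 0;
        for (int i = 0; i < count; i++) {
            value = (value << 8) | (data[2 + i] & 0xff);
        }
        return "DER, long-form length " + value;
    }

    public static void main(String[] args) {
        // Constructed samples: leading bytes only, not real certificates.
        byte[] der = {0x30, (byte) 0x82, 0x03, 0x1f, 0x30, (byte) 0x82};
        // Second octet 0xBE has the long-form bit set and low seven bits equal to 62.
        byte[] mangled = {0x30, (byte) 0xbe, 0x00, 0x00};
        byte[] pem = (PEM_HEADER + "\nMIID").getBytes(StandardCharsets.US_ASCII);

        System.out.println("der:     " + classify(der));
        System.out.println("mangled: " + classify(mangled));
        System.out.println("pem:     " + classify(pem));
    }
}
```

Running the same check on the bytes received from the connector, before they reach CertificateFactory, shows whether they are raw DER, PEM text, or something altered in transit.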
