Chip-
take all the 32bit folders off the PATH
best to SET CLASSPATH=
download the 64bit windoze version of Tomcat7 from
http://tomcat.apache.org/download-70.cgi
reconfigure and let us know if there any further issues
Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung.
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung
fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est
interdite. Ce message sert à l'information seulement et n'aura pas n'importe
quel effet légalement obligatoire. Étant donné que les email peuvent facilement
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité
pour le contenu fourni.
> From: chipper7...@hotmail.com
> To: users@tomcat.apache.org
> Subject: FW: SSL setup for tomcat 7.0.10 using a CA cert
> Date: Sun, 8 May 2011 08:09:12 -0400
>
>
>
> I have been trying to install a certificate on a Tomcat 7.0.10 on a Windows
> 64 bit 2008 server and getting this error.
>
> Error Message
> DerInputStream.getLength(): lengthTag=109, too big.
>
> 2011-05-07 21:19:08 Commons Daemon procrun stderr initialized
> May 7, 2011 9:19:09 PM org.apache.catalina.core.AprLifecycleListener init
> INFO:
> The APR based Apache Tomcat Native library which allows optimal
> performance in production environments was not found on the
> java.library.path: D:\Tomcat
> 7.0\bin;.;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;D:\apache-ant-1.8.2\bin\;C:\Program
> Files\Java\jdk1.6.0_25\bin\;C:\OpenSSL-Win32\bin\
> May 7, 2011 9:19:09 PM org.apache.catalina.startup.SetAllPropertiesRule begin
> WARNING:
> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'maxSpareThreads' to '75' did not find a matching property.
> May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
> WARNING:
> [SetPropertiesRule]{Server/Service/Engine/Host} Setting property
> 'liveDeploy' to 'false' did not find a matching property.
> May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
> WARNING:
> [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting
> property 'debug' to '1' did not find a matching property.
> May 7, 2011 9:19:10 PM org.apache.coyote.AbstractProtocolHandler init
> INFO: Initializing ProtocolHandler ["http-bio-8443"]
> May 7, 2011 9:19:10 PM org.apache.coyote.AbstractProtocolHandler init
> SEVERE: Failed to initialize end point associated with ProtocolHandler
> ["http-bio-8443"]
> java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
> at sun.security.util.DerInputStream.getLength(Unknown Source)
> at sun.security.util.DerValue.init(Unknown Source)
> at sun.security.util.DerValue.<init>(Unknown Source)
> at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(Unknown
> Source)
> at java.security.KeyStore.load(Unknown Source)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:409)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:308)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:561)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:507)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:451)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:159)
> at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:365)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
> at
> org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
> at
> org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
> at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
> at
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
> at
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> at java.lang.reflect.Method.invoke(Unknown Source)
> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
> May 7, 2011 9:19:10 PM org.apache.catalina.core.StandardService initInternal
> SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
> org.apache.catalina.LifecycleException: Protocol handler initialization failed
> at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:912)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
> at
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
> at
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> at java.lang.reflect.Method.invoke(Unknown Source)
> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
> Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=109,
> too big.
> at sun.security.util.DerInputStream.getLength(Unknown Source)
> at sun.security.util.DerValue.init(Unknown Source)
> at sun.security.util.DerValue.<init>(Unknown Source)
> at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(Unknown
> Source)
> at java.security.KeyStore.load(Unknown Source)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:409)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:308)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:561)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:507)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:451)
> at
> org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:159)
> at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:365)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
> at
> org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
> at
> org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
> at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
> ... 13 more
>
> My understanding of this is that there is an ASN.1 encoding error. The
> length is bigger than expected.
> How should I proceed from here?
> Any help would be appreciated
>
> I have tried the 2 means specified by the certificate provider.
>
> keytool -genkey -alias tomcat -keyalg RSA -keystore mykeystore
> keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore
> mykeystore
>
> I have it authorized by the CA
>
> then performed the following methods:
>
> Trial 1:
>
> openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in mysite.crt
> -inkey privateKey.pem
> -out keystore.tomcat -name tomcat -passout pass:changeit
>
>
>
> Trial 2:
>
> keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file
> valicert_class2_root.crt
> First intermediate (gd_cross_intermediate.crt):
>
> keytool -import -alias cross -keystore tomcat.keystore -trustcacerts -file
> gd_cross_intermediate.crt
> Second intermediate (gd_intermediate.crt):
>
> keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file
> gd_intermediate.crtkeytool -import -alias tomcat -keystore tomcat.keystore
> -trustcacerts -file mysite.crt
>
>
>
> I changed the server.xml to have the following:
>
> <Connector protocol="org.apache.coyote.http11.Http11Protocol"
> port="8443" maxThreads="200"
> scheme="https" secure="true" SSLEnabled="true"
> keystoreFile="C:/cert/my.keystore" keystorePass="changeit"
> clientAuth="false" sslProtocol="TLS"/>
>
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="off" />
>
>
> Thanks
>
>
>
