I have been trying to install a certificate on Tomcat 7.0.10 on a Windows 64-bit 2008 server and am getting this error.

Error Message
DerInputStream.getLength(): lengthTag=109, too big.

2011-05-07 21:19:08 Commons Daemon procrun stderr initialized
May 7, 2011 9:19:09 PM org.apache.catalina.core.AprLifecycleListener init
INFO:
The APR based Apache Tomcat Native library which allows optimal
performance in production environments was not found on the
java.library.path: D:\Tomcat
7.0\bin;.;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;D:\apache-ant-1.8.2\bin\;C:\Program
Files\Java\jdk1.6.0_25\bin\;C:\OpenSSL-Win32\bin\
May 7, 2011 9:19:09 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'maxSpareThreads' to '75' did not find a matching property.
May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING:
[SetPropertiesRule]{Server/Service/Engine/Host} Setting property
'liveDeploy' to 'false' did not find a matching property.
May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING:
[SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting
property 'debug' to '1' did not find a matching property.
May 7, 2011 9:19:10 PM org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
May 7, 2011 9:19:10 PM org.apache.coyote.AbstractProtocolHandler init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"]
java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(Unknown Source)
at sun.security.util.DerValue.init(Unknown Source)
at sun.security.util.DerValue.<init>(Unknown Source)
at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:409)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:308)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:561)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:507)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:451)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:159)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:365)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
at org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
May 7, 2011 9:19:10 PM org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:912)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(Unknown Source)
at sun.security.util.DerValue.init(Unknown Source)
at sun.security.util.DerValue.<init>(Unknown Source)
at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:409)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:308)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:561)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:507)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:451)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:159)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:365)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
at org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
... 13 more

My understanding of this is that there is an ASN.1 encoding error. The length is bigger than expected.
How should I proceed from here?
Any help would be appreciated

I have tried the 2 means specified by the certificate provider.

keytool -genkey -alias tomcat -keyalg RSA -keystore mykeystore
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore mykeystore

I have it authorized by the CA

then performed the following methods:

Trial 1:

openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in mysite.crt -inkey privateKey.pem -out keystore.tomcat -name tomcat -passout pass:changeit



Trial 2:

keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file valicert_class2_root.crt
First intermediate (gd_cross_intermediate.crt):

keytool -import -alias cross -keystore tomcat.keystore -trustcacerts -file gd_cross_intermediate.crt
Second intermediate (gd_intermediate.crt):

keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_intermediate.crt

keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file mysite.crt



I changed the server.xml to have the following:

<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:/cert/my.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>

<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="off" />


Thanks


  • Martin Gainty at May 8, 2011 at 1:49 pm
    Chip-
    take all the 32bit folders off the PATH
    best to SET CLASSPATH=

    download the 64bit windoze version of Tomcat7 from
    http://tomcat.apache.org/download-70.cgi

    reconfigure and let us know if there are any further issues

    Martin Gainty



    From: chipper7757@hotmail.com
    To: users@tomcat.apache.org
    Subject: FW: SSL setup for tomcat 7.0.10 using a CA cert
    Date: Sun, 8 May 2011 08:09:12 -0400




  • Caldarale, Charles R at May 8, 2011 at 2:36 pm

    From: Martin Gainty
    Subject: RE: SSL setup for tomcat 7.0.10 using a CA cert

    > take all the 32bit folders off the PATH
    > best to SET CLASSPATH=
    > download the 64bit windoze version of Tomcat7 from
    > http://tomcat.apache.org/download-70.cgi

    All of the above is completely irrelevant, as usual.

    - Chuck


    THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.


    ---------------------------------------------------------------------
    To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
    For additional commands, e-mail: users-help@tomcat.apache.org
  • Caldarale, Charles R at May 8, 2011 at 3:10 pm

    From: chip chipper
    Subject: FW: SSL setup for tomcat 7.0.10 using a CA cert

    > May 7, 2011 9:19:09 PM org.apache.catalina.startup.SetAllPropertiesRule begin
    > WARNING:
    > [SetAllPropertiesRule]{Server/Service/Connector} Setting property
    > 'maxSpareThreads' to '75' did not find a matching property.

    Read the Tomcat 7 doc - there is no maxSpareThreads attribute for a <Connector>.

    > May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
    > WARNING:
    > [SetPropertiesRule]{Server/Service/Engine/Host} Setting property
    > 'liveDeploy' to 'false' did not find a matching property.

    Ditto for liveDeploy on a <Host>.

    > May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
    > WARNING:
    > [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting
    > property 'debug' to '1' did not find a matching property.

    Ditto for debug on a <Context>.

    Looks like you have grabbed an ancient server.xml and tried to use it with Tomcat 7 - you simply can't do that. Read the Tomcat 7 configuration guide and set what you need properly.

    > May 7, 2011 9:19:10 PM org.apache.coyote.AbstractProtocolHandler init
    > SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"]
    > java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.

    > My understanding of this is that there is an ASN.1 encoding error.
    > The length is bigger than expected.

    Can you examine the certificates using keytool and see what it thinks of them?

    > keytool ... -keystore mykeystore
    >
    > openssl ... -out keystore.tomcat
    >
    > keytool ... -keystore tomcat.keystore

    I count three different keystore names here; which are we to believe?

    > <Connector protocol="org.apache.coyote.http11.Http11Protocol"
    > port="8443" maxThreads="200"
    > scheme="https" secure="true" SSLEnabled="true"
    > keystoreFile="C:/cert/my.keystore" keystorePass="changeit"
    > clientAuth="false" sslProtocol="TLS"/>

    And a fourth keystore name here.

    Also, what you have above does not correspond with the maxSpareThreads error message displayed in the log. Either you're confusing everyone by reporting one set of log entries along with an unrelated config, or you're not running the config you think you are. It would be useful if you posted your entire server.xml file, with comments removed.

    > <Listener className="org.apache.catalina.core.AprLifecycleListener"
    > SSLEngine="off" />

    You can't run APR with JSSE handling the SSL negotiation, so turning SSLEngine off is not useful. Besides, you don't appear to have the tcnative-1.dll installed, and you've forced use of the BIO connector, so changing the AprLifeCycleListener is ineffective.

    - Chuck


  • Chip chipper at May 8, 2011 at 10:55 pm
    Chuck

    The tomcat keystore was the wrong file. Thanks for the hint. I had a tomcat.keystore and a keystore.tomcat.
    Better naming would have avoided the embarrassment of using a user-group.

    Thanks for the assistance and your time

    Chip
    From: Chuck.Caldarale@unisys.com
    To: users@tomcat.apache.org
    Date: Sun, 8 May 2011 10:08:23 -0500
    Subject: RE: SSL setup for tomcat 7.0.10 using a CA cert

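Added example, not part of the original thread and not Tomcat or JDK code: the lengthTag=109 in the trace is the value a DER length check produces when the file starts with the JKS magic bytes FE ED FE ED (0xED & 0x7F = 109), which is what happens when a keytool-created JKS keystore is read by the PKCS12 loader. The Python script below classifies a keystore file by its first bytes and compares the result with the connector's keystoreType; the function names, the constructed sample headers and the four-octet length limit are assumptions of this example.

```python
"""Identify a keystore file's on-disk format from its first bytes (added example)."""
import sys

JKS_MAGIC = bytes.fromhex("feedfeed")      # Sun/Oracle JKS keystore
JCEKS_MAGIC = bytes.fromhex("cececece")    # JCEKS keystore
MAX_LENGTH_OCTETS = 4                      # assumed limit of the JDK DER reader

# Constructed sample headers (not taken from the thread's files).
SAMPLE_JKS = bytes.fromhex("feedfeed0000000200000001")
SAMPLE_JCEKS = bytes.fromhex("cececece0000000200000001")
SAMPLE_P12 = bytes.fromhex("30820a1b020103308209e1")
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nMIID"


def der_length_error(header):
    """Return the error a DER reader reports for the length octet, or None."""
    if len(header) < 2:
        return "truncated header"
    length_octet = header[1]
    if length_octet & 0x80 == 0:
        return None                        # short form: the octet is the length
    count = length_octet & 0x7F            # long form: number of length octets
    if count > MAX_LENGTH_OCTETS:
        return "lengthTag=%d, too big." % count
    return None                            # 0 (indefinite) or 1..4 octets


def sniff_format(header):
    """Classify a file header as JKS, JCEKS, PEM, DER or unknown."""
    if header.startswith(JKS_MAGIC):
        return "JKS"
    if header.startswith(JCEKS_MAGIC):
        return "JCEKS"
    if header.lstrip().startswith(b"-----BEGIN"):
        return "PEM"
    if header[:1] == b"\x30" and der_length_error(header) is None:
        return "DER"                       # outer SEQUENCE, as in a PKCS12 file
    return "unknown"


def check_keystore(header, keystore_type):
    """Compare the detected format with the connector's keystoreType value."""
    detected = sniff_format(header)
    wanted = keystore_type.upper()
    expected = "DER" if wanted == "PKCS12" else wanted
    if detected == expected:
        return "ok: %s file matches keystoreType=%s" % (detected, keystore_type)
    return "mismatch: file looks like %s but keystoreType=%s" % (detected, keystore_type)


if __name__ == "__main__":
    # Usage: python sniff_keystore.py PKCS12 C:/cert/my.keystore [more files...]
    if len(sys.argv) < 3:
        sys.exit("usage: sniff_keystore.py <keystoreType> <file>...")
    for path in sys.argv[2:]:
        with open(path, "rb") as fh:
            print(path, "->", check_keystore(fh.read(16), sys.argv[1]))
```

Running it over every keystore file in the directory shows at a glance which one is the openssl-exported PKCS12 file and which are keytool JKS stores.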
Discussion Overview
group: users @
categories: tomcat
posted: May 8, '11 at 12:09p
active: May 8, '11 at 10:55p
posts: 5
users: 3
website: tomcat.apache.org
irc: #tomcat
