Look at the bug 15790. http://issues.apache.org/bugzilla/show_bug.cgi?id=15790
This problem was fixed in 4.1.25 or later.
Ben Sifuentes wrote:
While using Apache2.0.47 and Tomcat 4.1.24 integrated with JBOSS 3.2.1 on a Win2000 box.
I get the following exception from the Tomcat JkCoyoteHandler when making a https call
If I hit the ok button several times when it pops up the Select your Certificate box in windows it processes the request as you can see by the output I'm able to correctly process the SSL information being sent across the wire.
The Certificate is a pk7 which was built from x509
Any help with this issue would be greatly appreciated. I've struggled long and hard with the SSL communication between Apache and Tomcat and it looks like I'm very close to having it. Except for the following error.
One last thing: mod_sll.so (came with the Apache2.0 distribution) mod_jdk_2.0.46.dll
============================================================================
19:43:29,503 INFO [Server] JBoss (MX MicroKernel) [3.2.1 (build: CVSTag=JBoss_3 _2_1 date=200305041533)] Started in 1m:39s:313ms 19:44:49,248 ERROR [JkCoyoteHandler] Certificate convertion failed java.security.cert.CertificateException: Unable to initialize, java.io.IOExcepti on: DerInputStream.getLength(): lengthTag=127, too big. at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:289) at sun.security.provider.X509Factory.engineGenerateCertificate(X509Facto ry.java:94) at java.security.cert.CertificateFactory.generateCertificate(Certificate Factory.java:389) at org.apache.jk.server.JkCoyoteHandler.action(JkCoyoteHandler.java:395)
at org.apache.coyote.Response.action(Response.java:222) at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapte r.java:310) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:22 1) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:261)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:604) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.ja va:562) at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:679) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP ool.java:619) at java.lang.Thread.run(Thread.java:536) Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=127, too b ig. at sun.security.util.DerInputStream.getLength(DerInputStream.java:502) at sun.security.util.DerInputStream.getLength(DerInputStream.java:476) at sun.security.util.DerValue.<init>(DerValue.java:233) at sun.security.util.DerInputStream.getDerValue(DerInputStream.java:358)
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1608) at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:286) ... 13 more . . 19:45:12,001 INFO [Engine] CoyoteAdapter Requested cookie session id is 01BD9D C9B2EF687EE90F8FAD8147B49F 19:45:12,001 ERROR [JkCoyoteHandler] Certificate convertion failed java.security.cert.CertificateException: Unable to initialize, java.io.IOExcepti on: DerInputStream.getLength(): lengthTag=102, too big. at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:289) at sun.security.provider.X509Factory.engineGenerateCertificate(X509Facto ry.java:94) at java.security.cert.CertificateFactory.generateCertificate(Certificate Factory.java:389) at org.apache.jk.server.JkCoyoteHandler.action(JkCoyoteHandler.java:395)
at org.apache.coyote.Response.action(Response.java:222) at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapte r.java:310) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:22 1) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:261)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:604) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.ja va:562) at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:679) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP ool.java:619) at java.lang.Thread.run(Thread.java:536) Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=102, too b ig. at sun.security.util.DerInputStream.getLength(DerInputStream.java:502) at sun.security.util.DerInputStream.getLength(DerInputStream.java:476) at sun.security.util.DerValue.<init>(DerValue.java:233) at sun.security.util.DerInputStream.getDerValue(DerInputStream.java:358)
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1608) at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:286) ... 13 more
19:46:56,281 INFO [Engine] action: Processing a POST for /logon 19:46:56,291 INFO [Engine] action: Setting locale 'en_US' 19:46:56,291 INFO [Engine] action: Looking for ActionForm bean under attribute 'logon' 19:46:56,291 INFO [Engine] action: Creating new ActionForm instance of class ' pro.registrypro.products.ami.form.logonForm' 19:46:56,291 INFO [Engine] action: Storing instance under attribute 'logon' in scope 'request' 19:46:56,291 INFO [Engine] action: Populating bean properties from this reques t 19:46:56,301 INFO [Engine] action: Validating input form properties 19:46:56,301 INFO [Engine] action: No errors detected, accepting input 19:46:56,301 INFO [Engine] action: Looking for Action instance for class pro.r egistrypro.products.ami.action.logonAction 19:46:56,301 INFO [Engine] action: Double checking for Action instance alread y there 19:46:56,301 INFO [Engine] action: Creating new Action instance 19:46:56,361 INFO [STDOUT] ping: usa-bwdzu56x1fd 19:46:56,361 INFO [STDOUT] ipAddr=10.168.1.61 19:46:56,361 INFO [Engine] action: Begin-Validation 19:46:56,361 INFO [STDOUT] ALRIGHT WE GOT SOMETHING!!!! 19:46:56,361 INFO [STDOUT] [-----BEGIN CERTIFICATE----- MIICnTCCAgYCAQEwDQYJKoZIhvcNAQEEBQAwgYwxCzAJBgNVBAYTAlVTMRAwDgYD VQQIEwdHZW9yZ2lhMRAwDgYDVQQHEwdBdGxhbnRhMRQwEgYDVQQKEwtSZWdpc3Ry eVBybzEMMAoGA1UECxMDRGV2MRIwEAYDVQQDEwkxMjcuMC4wLjExITAfBgkqhkiG 9w0BCQEWEnJ3a2FzdGVuQG54anF6LmNvbTAeFw0wMzA4MTQxNDI4NTRaFw0wNDA4 MTMxNDI4NTRaMIGgMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHR2VvcmdpYTEQMA4G A1UEBxMHQXRsYW50YTEUMBIGA1UEChMLUmVnaXN0cnlQcm8xDDAKBgNVBAsTA0Rl djEnMCUGA1UEAxMeVGVzdCBDbGllbnQgQ2VydCBmb3IgMTI3LjAuMC4xMSAwHgYJ KoZIhvcNAQkBFhFyd2thc3RlbkB4anF6LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB jQAwgYkCgYEAz6vkmB63Q69eZDWkdWoO+bHNRu4vLQVLl/arA8W1aw7gpXrtQn19 Bw0DIhp2OCIDOixoF6Oq3tfAz5agFcj1haRGCjtI4GlgiuIgM2bN1EuW3pbdwmtE 3jv3qKbMNn5M124Usn/seUn1DlMkv7+7AdDVjZz36zoMmZqaVjoSSdUCAwEAATAN BgkqhkiG9w0BAQQFAAOBgQALS8XG/3RL/F6K7Ytf5CF7du5Ip199TdI9FSrUcbGY JiS9pGlxuhJwd3c5L8A+IuN9gai5FnITnsoBHn4S3a89FxSEeqW4kAno8PWVUBeN KjZiHGHMiyok8h9CWZPv4CDtcLvP3jpoIEgkROs0wnfdOdwK2FyCHj2QuMc3iioO gA== -----END CERTIFICATE----- ] 19:46:56,371 INFO [STDOUT] ---Certificate--- 19:46:56,371 INFO [STDOUT] type = X.509 19:46:56,371 INFO [STDOUT] version = 1 19:46:56,371 INFO [STDOUT] subject = [EMAIL PROTECTED], CN=Test Cl ient Cert for 127.0.0.1, OU=Dev, O=RegistryPro, L=Atlanta, ST=Georgia, C=US 19:46:56,371 INFO [STDOUT] valid from = Thu Aug 14 10:28:54 EDT 2003 19:46:56,371 INFO [STDOUT] valid to = Fri Aug 13 10:28:54 EDT 2004 19:46:56,371 INFO [STDOUT] serial number = 1 19:46:56,371 INFO [STDOUT] issuer = [EMAIL PROTECTED], CN=127.0.0 .1, OU=Dev, O=RegistryPro, L=Atlanta, ST=Georgia, C=US 19:46:56,371 INFO [STDOUT] signing algorithm = MD5withRSA 19:46:56,381 INFO [STDOUT] public key algorithm = RSA 19:46:56,381 INFO [STDOUT] ---Extensions--- 19:46:56,381 INFO [STDOUT] --- 19:46:56,381 INFO [Engine] action: End Loop.... 19:46:56,381 INFO [STDOUT] AmiDelegator.checkuser 19:46:56,621 INFO [STDOUT] DataBean context set 19:46:56,651 INFO [STDOUT] Ami.props 19:46:56,681 INFO [STDOUT] uservo=UserVO: login:rpro-developer::: pass-admin::: certid-1::: ip-10.168.1.61::: newpass-nul l::: sid-null::: role-null 19:46:57,102 INFO [STDOUT] eppRes=(message = Wrong certificate ID), (code = 220 0), (tid = 14854711) 19:46:57,102 INFO [STDOUT] sid=null## role=null 19:46:57,112 INFO [STDOUT] code=2200 19:46:57,112 INFO [STDOUT] message=Wrong certificate ID 19:46:57,112 INFO [STDOUT] sid=null 19:46:57,112 INFO [STDOUT] UserBean removed 19:46:57,112 INFO [Engine] action: logon: Got UserException- 'Wrong certificate ID' on session 01BD9DC9B2EF687EE90F8FAD8147B49F 19:46:57,122 INFO [STDOUT] 1 19:46:57,122 INFO [STDOUT] [EMAIL PROTECTED] 19:46:57,162 ERROR [JkCoyoteHandler] Certificate convertion failed
-- Kan Ogawa [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
