On Nov 27, 2012, at 9:55 AM, Will Nordmeyer wrote: > OK, I upped it to 1024G and it still crashed. > > I tried loading with a 70M file (the root CA, and the CA directly > responsible for my cert). That seemed to load, but when I tried going > to a probe application that I've got installed - to get memory data, > etc. It prompts me for my cert, but then goes to "Internet Explorer > cannot display the webpage."
You might want to try a profiler like YourKit or Eclipse Memory Analyzer (MAT). Should show you exactly what is consuming the memory in Tomcat and it will not require that you connect via HTTP. > I have a self signed server certificate - and the user certs have no > association/connection to the server cert. I apologize, but I'm not exactly sure what you are trying to configure with the certs and the crl file. Can you take a step back from the problem and give us some higher level details on what you are trying to achieve with this configuration? Dan > > > > On Tue, Nov 27, 2012 at 9:27 AM, Daniel Mikusa <dmik...@vmware.com> wrote: >> On Nov 27, 2012, at 9:17 AM, Will Nordmeyer wrote: >> >>> Dan, >>> >>> I tried that - first attempt jstack threw exceptions and I got >>> nothing. So I killed the tomcat, took the crlFile back out and ran, >>> got a nice jstack showing everything running smoothly. >>> >>> Shut tomcat down, put the crlFile line back and started up again. >>> This time, tomcat6 doesn't hang, but it throws an exception and >>> doesn't start... I keep running out of heap space. I wonder why it >>> suddenly decided to actually admit the problem instead of just going >>> out to lunch. >>> >>> Caused by: java.lang.OutOfMemoryError: Java heap space >>> at java.util.Arrays.copyOf(Arrays.java:2786) >>> at java.io.ByteArrayOutputStream.write(ByteArrayOutputStream.java:94) >>> at >>> sun.security.provider.X509Factory.getTotalBytes(X509Factory.java:658) >>> at >>> sun.security.provider.X509Factory.engineGenerateCRLs(X509Factory.java:500) >>> at >>> java.security.cert.CertificateFactory.generateCRLs(CertificateFactory.java:500) >>> >>> >>> I have JAVA_OPTS set so that I have a min of 512MB and a max of 512 MB >>> - without the CRL, it loads fine, so the Memory is available. >> >> Do you have more available memory on the system? I would try doubling the >> heap size to 1G and see if that helps. After Tomcat is up, you could attach >> a profiler to get the details about how much memory is being consumed. >> >> Dan >> >> >>> My problem is that the CRL file is 271 MB - I'm not sure how big that >>> translates to once Java starts loading it. >>> >>> --Will >>> On Mon, Nov 26, 2012 at 5:17 PM, Daniel Mikusa <dmik...@vmware.com> wrote: >>>> On Nov 26, 2012, at 3:35 PM, Will Nordmeyer wrote: >>>> If Tomcat appears to be hanging with this option enabled, I would suggest >>>> taking a thread dump and including it here. Could provide some clues as >>>> to what is happening. >>>> >>>> http://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F >>>> >>>> Dan >>>> >>>> >>>>> >>>>> If I remove the crlFile reference in the server.xml, everything works >>>>> fine (except crl lookups of course). The system starts up, the app is >>>>> accessible, it prompts for the certificate... >>>>> >>>>> Any thoughts on why it would be failing like that would be appreciated. >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org