On Nov 27, 2012, at 9:55 AM, Will Nordmeyer wrote:

> OK, I upped it to 1024G and it still crashed.
> 
> I tried loading with a 70M file (the root CA, and the CA directly
> responsible for my cert).  That seemed to load, but when I tried going
> to a probe application that I've got installed - to get memory data,
> etc.  It prompts me for my cert, but then goes to "Internet Explorer
> cannot display the webpage."

You might want to try a profiler like YourKit or Eclipse Memory Analyzer (MAT). 
 Should show you exactly what is consuming the memory in Tomcat and it will not 
require that you connect via HTTP.

> I have a self signed server certificate - and the user certs have no
> association/connection to the server cert.

I apologize, but I'm not exactly sure what you are trying to configure with the 
certs and the crl file.  Can you take a step back from the problem and give us 
some higher level details on what you are trying to achieve with this 
configuration?

Dan


> 
> 
> 
> On Tue, Nov 27, 2012 at 9:27 AM, Daniel Mikusa <dmik...@vmware.com> wrote:
>> On Nov 27, 2012, at 9:17 AM, Will Nordmeyer wrote:
>> 
>>> Dan,
>>> 
>>> I tried that - first attempt jstack threw exceptions and I got
>>> nothing.  So I killed the tomcat, took the crlFile back out and ran,
>>> got a nice jstack showing everything running smoothly.
>>> 
>>> Shut tomcat down, put the crlFile line back and started up again.
>>> This time, tomcat6 doesn't hang, but it throws an exception and
>>> doesn't start...  I keep running out of heap space.  I wonder why it
>>> suddenly decided to actually admit the problem instead of just going
>>> out to lunch.
>>> 
>>> Caused by: java.lang.OutOfMemoryError: Java heap space
>>>       at java.util.Arrays.copyOf(Arrays.java:2786)
>>>       at java.io.ByteArrayOutputStream.write(ByteArrayOutputStream.java:94)
>>>       at 
>>> sun.security.provider.X509Factory.getTotalBytes(X509Factory.java:658)
>>>       at 
>>> sun.security.provider.X509Factory.engineGenerateCRLs(X509Factory.java:500)
>>>       at 
>>> java.security.cert.CertificateFactory.generateCRLs(CertificateFactory.java:500)
>>> 
>>> 
>>> I have JAVA_OPTS set so that I have a min of 512MB and a max of 512 MB
>>> - without the CRL, it loads fine, so the Memory is available.
>> 
>> Do you have more available memory on the system?  I would try doubling the 
>> heap size to 1G and see if that helps.  After Tomcat is up, you could attach 
>> a profiler to get the details about how much memory is being consumed.
>> 
>> Dan
>> 
>> 
>>> My problem is that the CRL file is 271 MB - I'm not sure how big that
>>> translates to once Java starts loading it.
>>> 
>>> --Will
>>> On Mon, Nov 26, 2012 at 5:17 PM, Daniel Mikusa <dmik...@vmware.com> wrote:
>>>> On Nov 26, 2012, at 3:35 PM, Will Nordmeyer wrote:
>>>> If Tomcat appears to be hanging with this option enabled, I would suggest 
>>>> taking a thread dump and including it here.  Could provide some clues as 
>>>> to what is happening.
>>>> 
>>>> http://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F
>>>> 
>>>> Dan
>>>> 
>>>> 
>>>>> 
>>>>> If I remove the crlFile reference in the server.xml, everything works
>>>>> fine (except crl lookups of course). The system starts up, the app is
>>>>> accessible, it prompts for the certificate...
>>>>> 
>>>>> Any thoughts on why it would be failing like that would be appreciated.
>>>>> 
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>> 
>>>> 
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>> 
>>> 
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to