I have been trying to install a certificate on Tomcat 7.0.10 on a 64-bit
Windows 2008 server and am getting this error.
Error message:
DerInputStream.getLength(): lengthTag=109, too big.
2011-05-07 21:19:08 Commons Daemon procrun stderr initialized
May 7, 2011 9:19:09 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: D:\Tomcat 7.0\bin;.;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;D:\apache-ant-1.8.2\bin\;C:\Program Files\Java\jdk1.6.0_25\bin\;C:\OpenSSL-Win32\bin\
May 7, 2011 9:19:09 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxSpareThreads' to '75' did not find a matching property.
May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host} Setting property 'liveDeploy' to 'false' did not find a matching property.
May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'debug' to '1' did not find a matching property.
May 7, 2011 9:19:10 PM org.apache.coyote.AbstractProtocolHandler init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
May 7, 2011 9:19:10 PM org.apache.coyote.AbstractProtocolHandler init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"]
java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
    at sun.security.util.DerInputStream.getLength(Unknown Source)
    at sun.security.util.DerValue.init(Unknown Source)
    at sun.security.util.DerValue.<init>(Unknown Source)
    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
    at java.security.KeyStore.load(Unknown Source)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:409)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:308)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:561)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:507)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:451)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:159)
    at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:365)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
    at org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
    at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
May 7, 2011 9:19:10 PM org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:912)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
    at sun.security.util.DerInputStream.getLength(Unknown Source)
    at sun.security.util.DerValue.init(Unknown Source)
    at sun.security.util.DerValue.<init>(Unknown Source)
    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
    at java.security.KeyStore.load(Unknown Source)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:409)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:308)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:561)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:507)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:451)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:159)
    at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:365)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:483)
    at org.apache.coyote.AbstractProtocolHandler.init(AbstractProtocolHandler.java:345)
    at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
    ... 13 more
My understanding of this is that there is an ASN.1 encoding error. The length
is bigger than expected.
How should I proceed from here?
Any help would be appreciated
I have tried the 2 means specified by the certificate provider.
    keytool -genkey -alias tomcat -keyalg RSA -keystore mykeystore
    keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore mykeystore
I had it authorized by the CA, then performed the following methods:
Trial 1:
    openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in mysite.crt -inkey privateKey.pem -out keystore.tomcat -name tomcat -passout pass:changeit
Trial 2:
    keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file valicert_class2_root.crt
First intermediate (gd_cross_intermediate.crt):
    keytool -import -alias cross -keystore tomcat.keystore -trustcacerts -file gd_cross_intermediate.crt
Second intermediate (gd_intermediate.crt):
    keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_intermediate.crt
    keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file mysite.crt
I changed the server.xml to have the following:
    <Connector protocol="org.apache.coyote.http11.Http11Protocol"
               port="8443" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="C:/cert/my.keystore" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLS"/>
    <Listener className="org.apache.catalina.core.AprLifecycleListener"
              SSLEngine="off" />
Thanks
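
Added example, not part of the original post: in the message above, lengthTag is the low seven bits of a long-form DER length octet, and the JDK parser rejects a count above 4. The Python sketch below reproduces that check and guesses a keystore's container format from its first bytes; the sample headers are constructed and all function names are hypothetical.

```python
# Added example: the DER length check behind "lengthTag=N, too big.",
# plus a first-bytes check of the keystore container format.
JKS_MAGIC = bytes.fromhex("feedfeed")      # Java KeyStore (JKS) file magic
JCEKS_MAGIC = bytes.fromhex("cececece")    # JCEKS file magic
MAX_LENGTH_OCTETS = 4                      # limit enforced by the JDK DER parser

# Constructed sample headers (not taken from the poster's files).
JKS_SAMPLE = bytes.fromhex("feedfeed0000000200000001")
P12_SAMPLE = bytes.fromhex("30820a1f020103")  # SEQUENCE, len 0x0a1f, INTEGER 3


def der_length(header: bytes) -> tuple[int, int]:
    """Return (content_length, header_size) for the TLV at the start of header."""
    if len(header) < 2:
        raise ValueError("truncated header")
    octet = header[1]                      # header[0] is the tag, not checked here
    if octet & 0x80 == 0:
        return octet, 2                    # short form: length fits in 7 bits
    count = octet & 0x7F                   # long form: number of length octets
    if count == 0:
        raise ValueError("indefinite length is not valid DER")
    if count > MAX_LENGTH_OCTETS:
        raise ValueError(f"lengthTag={count}, too big.")
    if len(header) < 2 + count:
        raise ValueError("truncated header")
    return int.from_bytes(header[2:2 + count], "big"), 2 + count


def pkcs12_load_error(header: bytes):
    """Error a DER-based PKCS12 loader would hit on this header, or None."""
    try:
        der_length(header)
    except ValueError as exc:
        return str(exc)
    return None


def sniff_keystore(header: bytes) -> str:
    """Guess the container format from the first bytes of a keystore file."""
    if header.startswith(JKS_MAGIC):
        return "JKS"
    if header.startswith(JCEKS_MAGIC):
        return "JCEKS"
    if header.startswith(b"-----BEGIN"):
        return "PEM"
    if header[:1] == b"\x30" and pkcs12_load_error(header) is None:
        _, size = der_length(header)
        # A PKCS12 PFX begins with SEQUENCE { INTEGER 3, ... }
        return "PKCS12" if header[size:size + 3] == b"\x02\x01\x03" else "DER"
    return "unknown"
```

The second byte of the JKS magic is 0xED, whose low seven bits are 109, which is the value the parser reports when a JKS file is read as PKCS12. To check a real file, pass its first 16 bytes (read in binary mode) to sniff_keystore.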