> From: chip chipper [mailto:[email protected]]
> Subject: FW: SSL setup for tomcat 7.0.10 using a CA cert
> May 7, 2011 9:19:09 PM org.apache.catalina.startup.SetAllPropertiesRule begin
> WARNING:
> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'maxSpareThreads' to '75' did not find a matching property.
Read the Tomcat 7 doc - there is no maxSpareThreads attribute for a <Connector>.
> May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
> WARNING:
> [SetPropertiesRule]{Server/Service/Engine/Host} Setting property
> 'liveDeploy' to 'false' did not find a matching property.
Ditto for liveDeploy on a <Host>.
> May 7, 2011 9:19:09 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
> WARNING:
> [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting
> property 'debug' to '1' did not find a matching property.
Ditto for debug on a <Context>.
Looks like you have grabbed an ancient server.xml and tried to use it with
Tomcat 7 - you simply can't do that. Read the Tomcat 7 configuration guide and
set what you need properly.
> May 7, 2011 9:19:10 PM org.apache.coyote.AbstractProtocolHandler init
> SEVERE: Failed to initialize end point associated with ProtocolHandler
> ["http-bio-8443"]
> java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
> My understanding of this is that there is an ASN.1 encoding error.
> The length is bigger than expected.
Can you examine the certificates using keytool and see what it thinks of them?
> keytool ... -keystore mykeystore
>
> openssl ... -out keystore.tomcat
>
> keytool ... -keystore tomcat.keystore
I count three different keystore names here; which are we to believe?
> <Connector protocol="org.apache.coyote.http11.Http11Protocol"
> port="8443" maxThreads="200"
> scheme="https" secure="true" SSLEnabled="true"
> keystoreFile="C:/cert/my.keystore" keystorePass="changeit"
> clientAuth="false" sslProtocol="TLS"/>
And a fourth keystore name here.
Also, what you have above does not correspond with the maxSpareThreads error
message displayed in the log. Either you're confusing everyone by reporting
one set of log entries along with an unrelated config, or you're not running
the config you think you are. It would be useful if you posted your entire
server.xml file, with comments removed.
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="off" />
You can't run APR with JSSE handling the SSL negotiation, so turning SSLEngine
off is not useful. Besides, you don't appear to have the tcnative-1.dll
installed, and you've forced use of the BIO connector, so changing the
AprLifecycleListener is ineffective.
- Chuck
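
Added example, not part of the original mail or of Tomcat: the lengthTag=109 in the exception above is the value a DER length parser derives from the byte 0xED, which is the second byte of the JKS magic number 0xFEEDFEED. With several keystore files in play, one useful check is which container format each file actually is. The function names and sample bytes below are constructed for illustration.

```python
# Leading bytes of the Java keystore container formats.
JKS_MAGIC = bytes.fromhex("feedfeed")
JCEKS_MAGIC = bytes.fromhex("cececece")

def der_length_tag(length_byte):
    """Return the long-form length-of-length for a DER length octet,
    or None when the octet is a short-form length."""
    if length_byte & 0x80 == 0:
        return None
    return length_byte & 0x7F

def sniff_keystore(data):
    """Classify a keystore file by its first bytes."""
    if data[:4] == JKS_MAGIC:
        return "JKS"
    if data[:4] == JCEKS_MAGIC:
        return "JCEKS"
    if data.lstrip()[:10] == b"-----BEGIN":
        return "PEM"
    if len(data) >= 2 and data[0] == 0x30:      # ASN.1 SEQUENCE
        tag = der_length_tag(data[1])
        if tag is None or tag <= 4:             # 0 = indefinite length
            return "DER (PKCS#12 or certificate)"
    return "unknown"

def explain_der_failure(data):
    """What a DER reader limited to 4 length octets reports for byte 2."""
    tag = der_length_tag(data[1])
    if tag is not None and tag > 4:
        return "lengthTag=%d, too big." % tag
    return "length octet accepted"

def check_file(path):
    """Sniff a file on disk; 64 bytes is plenty for every check above."""
    with open(path, "rb") as f:
        return sniff_keystore(f.read(64))

# Constructed samples: only the leading bytes matter here.
SAMPLES = {
    "jks": JKS_MAGIC + b"\x00\x00\x00\x02",
    "p12": bytes.fromhex("30820a10020103"),
    "pem": b"-----BEGIN CERTIFICATE-----\nMIIB",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, "->", sniff_keystore(blob), "|", explain_der_failure(blob))
```

Call check_file() on each keystore path in use; a file reported as JKS that is being loaded as PKCS12 or as a raw certificate produces exactly the message in the log.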