Tomcat Https jks file error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big

Question

Recentrly I have upgraded my tomcat from 8.0 to 8.5.28. My https configuration worked perfectly in 8.0. But After I upgraded it to 8.5.x, HTTPS stopped working. I have jks file in tomcat's conf folder and I have mentioned following in server.xml file:

 <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" 
        SSLEnabled="true"
        ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                    TLS_RSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
                    TLS_RSA_WITH_AES_128_CBC_SHA"
        maxThreads="150" 
        scheme="https" secure="true"
        clientAuth="false" sslProtocol="TLS" 
        sslEnabledProtocols="TLSv1.1,TLSv1.2"
        keystoreFile="/my/path/to/tomcat/mykeystore.jks" 
        keystorePass="mypassword"
 />

 <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" 
        SSLEnabled="true"
        ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                    TLS_RSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
                    TLS_RSA_WITH_AES_128_CBC_SHA"
        maxThreads="150" scheme="https" secure="true"
        clientAuth="false" sslProtocol="TLS" 
        sslEnabledProtocols="TLSv1.1,TLSv1.2"
        keystoreFile="/my/path/to/tomcat/mykeystore.jks" 
        keystorePass="mypassword"
 />

I am getting this error in catalina.out. I searched in the web but no solution worked for me. Can anyone say what I am missing.

11-Dec-2018 20:35:30.193 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
 org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
 at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
 at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
 at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
 at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
 at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
 at org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
 at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
 ... 12 more
Caused by: java.lang.IllegalArgumentException: DerInputStream.getLength(): lengthTag=109, too big.
 at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116)
 at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87)
 at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225)
 at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1086)
 at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268)
 at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
 at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
 at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
 ... 13 more
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
 at sun.security.util.DerInputStream.getLength(DerInputStream.java:599)
 at sun.security.util.DerValue.init(DerValue.java:391)
 at sun.security.util.DerValue.<init>(DerValue.java:332)
 at sun.security.util.DerValue.<init>(DerValue.java:345)
 at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1938)
 at java.security.KeyStore.load(KeyStore.java:1445)
 at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:139)
 at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:204)
 at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:184)
 at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
 ... 20 more

President James K. Polk · Accepted Answer

It looks like it is expecting a PKCS#12 keystore, but you're providing a JKS keystore. I think I read somewhere that something, maybe Java, used to accept either one when you asked for a PKCS#12 keystore but then got more strict in a recent upgrade. Try adding keystoreType="JKS" to server.xml

Tomcat Https jks file error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big

Tags:

java

https

ssl

tomcat

vissu

1 Answers

President James K. Polk

Recent Activity

Donate For Us

Tomcat Https jks file error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big

Tags:

java

https

ssl

tomcat

vissu

1 Answers

President James K. Polk

Related questions

Recent Activity

Donate For Us