Public bug reported:
When using pkispawn with an external root CA the following error occurs.
2018-05-05 15:00:33 [https-jsse-nio-8443-exec-9] FINE: CertInfoProfile: Unable
to populate certificate: Unable to get ca certificate: Unable to initialize,
java.io.IOException: DerInput.getLength(): lengthTag=9, too big.
2018-05-05 15:00:33 [https-jsse-nio-8443-exec-9] SEVERE: Configuration failed:
Unable to get ca certificate: Unable to initialize, java.io.IOException:
DerInput.getLength(): lengthTag=9, too big.
Unable to get ca certificate: Unable to initialize, java.io.IOException:
DerInput.getLength(): lengthTag=9, too big.
at
com.netscape.cms.profile.def.ValidityDefault.populate(ValidityDefault.java:323)
at
com.netscape.certsrv.profile.CertInfoProfile.populate(CertInfoProfile.java:100)
at
com.netscape.cms.servlet.csadmin.CertUtil.createLocalCert(CertUtil.java:542)
at
com.netscape.cms.servlet.csadmin.ConfigurationUtils.configLocalCert(ConfigurationUtils.java:2754)
at
com.netscape.cms.servlet.csadmin.ConfigurationUtils.configCert(ConfigurationUtils.java:2578)
at
org.dogtagpki.server.rest.SystemConfigService.processCert(SystemConfigService.java:483)
at
org.dogtagpki.server.rest.SystemConfigService.processCerts(SystemConfigService.java:303)
at
org.dogtagpki.server.rest.SystemConfigService.configure(SystemConfigService.java:170)
at
org.dogtagpki.server.rest.SystemConfigService.configure(SystemConfigService.java:105)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:402)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:209)
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496)
at
com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:82)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1460)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: Unable to initialize, java.io.IOException: DerInput.getLength():
lengthTag=9, too big.
at
com.netscape.ca.CertificateAuthority.getCACert(CertificateAuthority.java:1621)
at
com.netscape.cms.profile.def.ValidityDefault.populate(ValidityDefault.java:315)
... 45 more
Caused by: java.security.cert.CertificateException: Unable to initialize,
java.io.IOException: DerInput.getLength(): lengthTag=9, too big.
at netscape.security.x509.X509CertImpl.<init>(X509CertImpl.java:186)
at netscape.security.x509.X509CertImpl.<init>(X509CertImpl.java:160)
at
com.netscape.ca.CertificateAuthority.getCACert(CertificateAuthority.java:1613)
... 46 more
I'm not sure if the problem is upstream in dogtag or if its an issue
with this the bionic package. A similar issue has been reported on the
RedHat bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1540924
Attached is the complete debug log.
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04 LTS"
dogtag-pki 10.6.0-1ubuntu2
** Affects: dogtag-pki (Ubuntu)
Importance: Undecided
Status: New
** Attachment added: "debug.log"
https://bugs.launchpad.net/bugs/1769545/+attachment/5135110/+files/debug.log
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769545
Title:
DerInput.getLength(): lengthTag=9, too big.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dogtag-pki/+bug/1769545/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
