Re: AW: Too many certificates in chain?!? Help!

Thu, 18 May 2023 13:02:47 -0700 

On 5/18/23 12:18 AM, Thomas Hoffmann (Speed4Trade GmbH) wrote:

Which version of tomcat do you use?
Is the stack trace truncated in your mail? Is there a "caused by ..." further 
down the stacktrace?

It looks like the error is thrown deeper in SSLUtil when creating the ssl 
context.
Maybe you can post the full stack trace.


It just gets weirder.
FYI, The customer box is on Tomcat 8.5.73, running under IBM Java 8.0.7.20 - pap6480sr7fp20-20221020_01(SR7 FP20), under OS/400 V7R3M0.
I fired up one of our on-site AS/400s (V6R1M0), with a Tomcat server (7.0.108, running under Java 6), and started plugging in keystores. First, I plugged in the initial self-signed keystore. No problem; launched just fine. Then I plugged in the signed-and-chained keystore. Still no problem; launched just fine. Then I plugged in a copy of the signed-and-chained keystore that I'd sent back from the customer box. STILL no problem!
I also did a "keytool -list -v -keystore xxxxx.ks" on both the new keystore and the one that worked, on my own Mac. No problems at all, and they looked very similar. But when I tried doing it on the customer AS/400, I got very similar error messages to what's in catalina.out.
I don't ordinarily send attachments to list servers, but the "how to ask questions the smart way" said it should be OK, if small and relevant, and stacktraces tend to get a bit garbled if sent inline, so I've attached a brief catalina.out excerpt. 

--
JHHL
17-May-2023 19:33:28.162 INFO [main] org.apache.coyote.AbstractProtocol.init 
Initializing ProtocolHandler ["https-jsse-nio-443"]
JVMDUMP039I Processing dump event "systhrow", detail 
"java/lang/OutOfMemoryError" at 2023/05/17 19:33:32 - please wait.
JVMDUMP032I JVM requested System dump using 
'//core.20230517.193332.26378.0001.dmp' in response to an event
JVMDUMP010I System dump written to //core.20230517.193332.26378.0001.dmp
JVMDUMP032I JVM requested Heap dump using 
'//heapdump.20230517.193332.26378.0002.phd' in response to an event
JVMDUMP010I Heap dump written to //heapdump.20230517.193332.26378.0002.phd
JVMDUMP032I JVM requested Java dump using 
'//javacore.20230517.193332.26378.0003.txt' in response to an event
JVMDUMP010I Java dump written to //javacore.20230517.193332.26378.0003.txt
JVMDUMP032I JVM requested Snap dump using 
'//Snap.20230517.193332.26378.0004.trc' in response to an event
JVMDUMP010I Snap dump written to //Snap.20230517.193332.26378.0004.trc
JVMDUMP013I Processed dump event "systhrow", detail 
"java/lang/OutOfMemoryError".
17-May-2023 19:34:12.173 SEVERE [main] 
org.apache.catalina.core.StandardService.initInternal Failed to initialize 
connector [Connector[org.apache.coyote.http11.Http11Protocol-443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at 
org.apache.catalina.connector.Connector.initInternal(Connector.java:1076)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at 
org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at 
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:843)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
    at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
    at java.lang.reflect.Method.invoke(Method.java:508)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
Caused by: java.lang.IllegalArgumentException: Too many certificates in chain
    at 
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
    at 
org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:72)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:246)
    at 
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1161)
    at 
org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:222)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:599)
    at 
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:80)
    at 
org.apache.catalina.connector.Connector.initInternal(Connector.java:1074)
... 13 more
Caused by: java.io.IOException: Too many certificates in chain
    at com.ibm.crypto.provider.JavaKeyStore.engineLoad(Unknown Source)
    at com.ibm.crypto.provider.bg.engineLoad(Unknown Source)
    at com.ibm.crypto.provider.JavaKeyStore$DualFormatJKS.engineLoad(Unknown 
Source)
    at java.security.KeyStore.load(KeyStore.java:1456)
    at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:69)
    at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:214)
    at 
org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:207)
    at 
org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:280)
    at 
org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:244)
    at 
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:98)
... 20 more
17-May-2023 19:34:12.185 INFO [main] org.apache.catalina.startup.Catalina.load 
Initialization processed in 49562 ms

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to