Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SSL - EOFException/Length is too big

12 views
Skip to first unread message

Sumire

unread,
Aug 27, 2001, 5:52:00 PM8/27/01
to

I am trying to configure the SSL protocol on wls6.0sp1, and have problems. Demo
cerficates that came with wls6.0sp1 works fine, but I am trying to generate the
CSR so that "Security Alert" warning doesn't get displayed on the client browser.

Basically, I get "EOFException" or "IOException: Lengh is too big" when the server
starts. Please let me know what is the necessary steps.

Here are the steps I followed:
1) https://<mydomain>/certificate/CertificateServlet which generated the 3 files
below.
<mydomain>-request.dem
<mydomain>-request.pem
<mydomain>-key.der


2) Obtained a digital certificate from VeriSign (<mydomain>.pem), and stored in
\wlserver6.0\config\mydomain
Question: Should it be specified as "Server Certificate File Name"?

3) Using the console, I specified...
Server Key File Name: <mydomain>-key.der
Server Certificate File Name: <mydomain>-request.dem
Server Certificate Chain File Name: <mydomain>-request.pem

4) Added -D Dweblogic.management.pkpassword=<passwd> in startup script.

5) And restarted the server.

=======RESULT=======
<Aug 27, 2001 1:33:27 PM PDT> <Alert> <WebLogicServer> <Security configuration
problem with certificate file <domain>-key.der, java.io.EOFException>
java.io.EOFException
at weblogic.security.Utils.inputByte(Utils.java:133)
at weblogic.security.ASN1.ASN1Header.inputTag(ASN1Header.java:125)
at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:394)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)


6) So, I checked "Use Encrypted Keys" as some article suggested, and got the different
result.
=======RESULT=======
java.io.IOException: Length is too big: takes 93 bytes
at weblogic.security.ASN1.ASN1Header.inputLength(ASN1Header.java:148)
at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:120)
at weblogic.security.X500Name.input(X500Name.java:58)
at weblogic.security.X509.input(X509.java:134)
at weblogic.security.X509.initialize(X509.java:81)
at weblogic.security.Certificate.<init>(Certificate.java:59)
at weblogic.security.X509.<init>(X509.java:56)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:232)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Aug 27, 2001 1:31:25 PM PDT> <Alert> <WebLogicServer> <Inconsistent security
configuration, weblogic.security.KeyManagementException: java.io.IOException:
Length is too big: takes 93 bytes>
weblogic.security.KeyManagementException: java.io.IOException: Length is too big:
takes 93 bytes
at weblogic.security.X509.initialize(X509.java:86)
at weblogic.security.Certificate.<init>(Certificate.java:59)
at weblogic.security.X509.<init>(X509.java:56)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:232)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:411)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)


PLEASE HELP ME! Thanks.


Igor Vinnikov

unread,
Aug 30, 2001, 6:10:11 AM8/30/01
to

I have the same problem.

In order to solve it you need to do:

Server Key File Name: <mydomain>-key.der

Server Certificate File Name: <your-certificate-file-from-verisign>
Server Certificate Chain File Name: <virisign-sertificate> (download from verisign
site)

Also try don't use password in your request to verisign and don't specify -D Dweblogic.management.pkpassword=<passwd>

Terry Trippany

unread,
Sep 7, 2001, 10:51:14 AM9/7/01
to
Hi. You can even use password protected keys as long as the root CA is
installed correctly (At least this is the case with Thawte). Make sure you
get the correct root cert and start the server with the -D option for the
pkpassword. The RSA cert one is the one to select, pick the server based
cert if you purchased serever sll, etc.

NOTE - Weblogic Server 6.1 has a problem with the CSR generated key and has
supplied a wlkeytool utility program. This is not very well documented and
really shouldn't be a problem. I would rather have it simply work.

Terry Trippany
Chicago

However, I would imagine that
"Igor Vinnikov" <vin...@rambler.ru> wrote in message
news:3b8e02f3$1...@newsgroups.bea.com...

0 new messages