
I'm configuring FME (FME Server 2019.1.3.1) to use HTTPS. When I try importing a PFX wildcard certificate into the tomcat.keystore, I get the following error:

Importing keystore C:\certificates\xxxxxxx.xxx.pfx to tomcat.keystore...

keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.

 

Any thoughts on what the error might be and how to fix it?

 

Thanks!

 

 

@billybob,

Are you running this command when you receive that error?

keytool -importkeystore -srckeystore <certpath>\<certificate_name>.pfx -srcstoretype pkcs12 -destkeystore tomcat.keystore -deststoretype jks

I've found this article going over that error. Maybe this can help.

This is the command:

keytool -importkeystore -srckeystore <certpath>\<certificate_name>.pfx -srcstoretype pkcs12 -destkeystore tomcat.keystore -deststoretype pkcs12

The command you have shows "-deststoretype jks" as the last option. Is that the issue?


I know you can set it to either of those, but the "jks" worked for me. I'm not really sure if that will fix it on your end.

 

https://community.safe.com/s/article/fme-server-and-httpsssl-pfx-certificate
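
Added example, not part of the original thread: the number in `lengthTag=109` is what a DER length check yields for the second byte of a JKS file (magic `FE ED FE ED`, and `0xED & 0x7F` = 109), which fits an existing JKS-format tomcat.keystore being opened with `-deststoretype pkcs12`. The script below classifies a keystore by its leading bytes; that the thread's tomcat.keystore was JKS is an assumption, and the function names and sample headers are constructed for illustration.

```python
# Added diagnostic sketch: classify a keystore file by its leading bytes and
# show how the DER length rule yields "lengthTag=109" for a JKS header.
import sys

JKS_MAGIC = bytes.fromhex("feedfeed")    # Java KeyStore (JKS) file magic
JCEKS_MAGIC = bytes.fromhex("cececece")  # JCEKS file magic


def der_length_tag(data: bytes):
    """Return the rejected length tag if byte 2 is a long-form DER length
    claiming more than 4 length octets, else None."""
    if len(data) < 2 or not data[1] & 0x80:
        return None               # too short, or short-form length
    count = data[1] & 0x7F        # number of length octets that follow
    return count if count > 4 else None


def sniff_keystore(data: bytes) -> str:
    """Best-effort guess at the container format from the first bytes."""
    if data.startswith(JKS_MAGIC):
        return "jks"
    if data.startswith(JCEKS_MAGIC):
        return "jceks"
    if data.startswith(b"-----BEGIN"):
        return "pem"
    # PKCS#12 is a DER SEQUENCE (tag 0x30) with a sane length encoding.
    if data[:1] == b"\x30" and der_length_tag(data) is None:
        return "pkcs12-or-other-der"
    return "unknown"


# Constructed sample headers (not taken from any real keystore).
SAMPLE_JKS = JKS_MAGIC + bytes.fromhex("00000002" "00000001")
SAMPLE_P12 = bytes.fromhex("30820a10" "020103")

if __name__ == "__main__":
    # Usage: python sniff_keystore.py tomcat.keystore cert.pfx
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            head = fh.read(16)
        print(path, sniff_keystore(head), "lengthTag:", der_length_tag(head))
```

If the destination file reports `jks`, pass `-deststoretype jks` or import into a new file; only the first 16 bytes are read, so no key material is parsed or printed.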

 


Great! I'll give that a try. Thanks for the article pointer. That helps confirm that I'm using the latest configuration instructions.


Thanks. That worked for me. After making the required configuration changes to the various Tomcat files, I can't seem to access https://localhost. Any thoughts on that issue?

 



Hi @billybob,

Please can you review the log files located in <FMEServerFileShare>/Resources/Logs/tomcat. In particular, look in the catalina.log for SEVERE messages; this should tell us what is going on.


Hi @hollyatsafe,

I was able to figure out the issue. Somehow the tomcat.keystore was corrupted. I simply removed the keystore, recreated it by importing the certificate again, and verified the changes to the XML files. That worked, and I'm able to access https://localhost now. Thank you for the response. Reviewing the logs if I have any other issues should come in handy.

 

Thanks again!

