"SSLContext not available" in tomcat catalina log when RQM(4.0.3) startup on Redhat Linux 6.3

Pamela Mei

(6●1●1●1) Apr 28 '14, 8:54 a.m.

tomcat catalina log:
Apr 28, 2014 3:13:31 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
Apr 28, 2014 3:13:31 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Realm} Setting property 'debug' to '99' did not find a matching property.
Apr 28, 2014 3:13:31 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-9080"]
Apr 28, 2014 3:13:31 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-9443"]
Apr 28, 2014 3:13:31 PM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-9443"]
java.io.IOException: ${jazz.connector.sslProtocol} SSLContext not available
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:475)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
        at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:393)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
        at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:658)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:622)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Caused by: java.security.NoSuchAlgorithmException: ${jazz.connector.sslProtocol} SSLContext not available
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
        at javax.net.ssl.SSLContext.getInstance(SSLContext.java:142)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:488)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:448)
        ... 19 more

0 votes

Comments

Philippe Chevalier

JAZZ DEVELOPER Apr 28 '14, 11:13 a.m.

There is really not enough information to go on here, Are you trying to start the server via the Tomcat services, of using the the server.startup script.

Doing a quick search on the net I found the following technote that can help explain the situation.

Tomcat as a Windows Service fails with SSLContext error when using Rational Team Concert
http://www-01.ibm.com/support/docview.wss?uid=swg21460726

Hope this helps

4 answers

15,139 views

0 votes

4 answers

Permanent link

Pamela Mei

(6●1●1●1) Apr 28 '14, 11:22 a.m.

Yes, I'm using the server.startup script.
Yeah, I read that page too. But it's on windows for RTC not RQM.
And I can see SSL is defined on server.xml under tomcat/conf
    
    
    <Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" algorithm="${jazz.connector.algorithm}" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keystoreFile="ibm-team-ssl.keystore" keystorePass="ibm-team" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="9443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="${jazz.connector.sslProtocol}"/>

0 votes

Comments

Philippe Chevalier

JAZZ DEVELOPER Apr 28 '14, 12:49 p.m.

I not sure what is happening on you system, but I can reproduce the same message on my system if I comment out the following java option JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslProtocol=SSL_TLS". BY default the server.startup should be setting up the SSL_TLS option like the technote in the last comment explains.

What you need to investigate, is you server startup process:

Why are you missing this option?

Are you using the right server.startup?

Some organization transform the Tomcat home to fit their needs, are there requirements in you environment that changes the startup sequence?

Is it possible that you are using a initd (Unix services to startup the server and some of the required Java option are missing?

I would recommend to open a PMR if you need further investigation.

Philippe Chevalier

JAZZ DEVELOPER Apr 28 '14, 12:52 p.m.

This is the Linux Platform I tested on

Linux someserver.ibm.com 2.6.32-431.11.2.el6.x86_64 #1 SMP Mon Mar 3 13:32:45 EST 2014 x86_64 x86_64 x86_64 GNU/Linux

And the next two section are the update I did in the server.startup, and the output form the tomcat JVM after startup.

<EXTRACT server.startup

# For Mac OS X (unsupported, but used by developers)

if [ uname = Darwin ];

then

... (removed due to limit of numb or char aloud)

else

JRE_HOME=pwd/jre

# JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslProtocol=SSL_TLS"

JAVA_OPTS="$JAVA_OPTS -Djazz.connector.algorithm=IbmX509"

Philippe Chevalier

JAZZ DEVELOPER Apr 28 '14, 12:54 p.m.

Log Output

...Apr 28, 2014 12:36:08 PM org.apache.coyote.AbstractProtocol init

INFO: Initializing ProtocolHandler ["http-bio-9443"]

Apr 28, 2014 12:36:09 PM org.apache.coyote.AbstractProtocol init

SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-9443"]

Throwable occurred: java.io.IOException: ${jazz.connector.sslProtocol} SSLContext not available

at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:475)

...

at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)

Caused by: java.security.NoSuchAlgorithmException: ${jazz.connector.sslProtocol} SSLContext not available

at sun.security.jca.GetInstance.getInstance(GetInstance.java:210)

<LOGS>

Permanent link

Pamela Mei

(6●1●1●1) Apr 29 '14, 9:33 p.m.

Hi I checked server.startup the line of SSL_TLS is not commented out.
See below:
# For Mac OS X (unsupported, but used by developers)
if [ `uname` = Darwin ];
then
    JRE_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home
    JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslProtocol=TLS"
    JAVA_OPTS="$JAVA_OPTS -Djazz.connector.algorithm=SunX509"
else
    JRE_HOME=`pwd`/jre
    JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslProtocol=SSL_TLS"
    JAVA_OPTS="$JAVA_OPTS -Djazz.connector.algorithm=IbmX509"
fi

0 votes

Permanent link

Pamela Mei

(6●1●1●1) Apr 30 '14, 4:30 a.m.

on the cannot startup same day, I just knew that the openssl has been just updated.
OpenSSL 1.0.1e-fips 11 Feb 2013
so when the openssl updated? whether the ibm-team-ssl.keystore
<Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" algorithm="IbmX509" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keystoreFile="ibm-team-ssl.keystore" keystorePass="ibm-team" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="9443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="${jazz.connector.sslProtocol}"/>

0 votes

Comments

Philippe Chevalier

JAZZ DEVELOPER Apr 30 '14, 8:47 a.m.

Can you please clarify "so when the openssl updated? whether the ibm-team-ssl.keystore"

Are you asking if the ibm-team-ssl.keystore is the concern? and does it require an update because of the change to your openssl libraries?

Permanent link

Pamela Mei

(6●1●1●1) May 04 '14, 12:27 a.m.

sorry for loss pasting content.
I remember the openssl is updated due to "Heart Bleed".
Yes, I'm asking whether the keystore is the concern?whether the keystore file needs to be updated or not.

0 votes

Your answer

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers

Answers and Comments

Question details

rational-quality-manager

× 10,978

troubleshooting

× 6,040

ssl

× 36

Question asked: Apr 28 '14, 8:54 a.m.

Question was seen: 15,139 times

Last updated: May 04 '14, 12:27 a.m.

"SSLContext not available" in tomcat catalina log when RQM(4.0.3) startup on Redhat Linux 6.3

Comments

4 answers

15,139 views

0 votes

4 answers

Comments

Comments

Your answer

Follow this question

Question details

Related questions