Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

"SSLContext not available" in tomcat catalina log when RQM(4.0.3) startup on Redhat Linux 6.3

tomcat catalina log:
Apr 28, 2014 3:13:31 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
Apr 28, 2014 3:13:31 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Realm} Setting property 'debug' to '99' did not find a matching property.
Apr 28, 2014 3:13:31 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-9080"]
Apr 28, 2014 3:13:31 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-9443"]
Apr 28, 2014 3:13:31 PM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-9443"]
java.io.IOException: ${jazz.connector.sslProtocol} SSLContext not available
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:475)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
        at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:393)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
        at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:658)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:622)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Caused by: java.security.NoSuchAlgorithmException: ${jazz.connector.sslProtocol} SSLContext not available
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
        at javax.net.ssl.SSLContext.getInstance(SSLContext.java:142)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:488)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:448)
        ... 19 more

0 votes

Comments

There is really not enough information to go on here,  Are you trying to start the server via the Tomcat services, of using the the server.startup script.

Doing a quick search on the net I found the following technote that can help explain the situation.

Tomcat as a Windows Service fails with SSLContext error when using Rational Team Concert
http://www-01.ibm.com/support/docview.wss?uid=swg21460726

Hope this helps



4 answers

Permanent link


Yes, I'm using the server.startup script.
Yeah, I read that page too. But it's on windows for RTC not RQM.
And I can see SSL is defined on server.xml under tomcat/conf
    <!-- Define a SSL HTTP/1.1 Connector on port 9443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <!--
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->
    <Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" algorithm="${jazz.connector.algorithm}" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keystoreFile="ibm-team-ssl.keystore" keystorePass="ibm-team" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="9443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="${jazz.connector.sslProtocol}"/>

0 votes

Comments

 I not sure what is happening on you system, but I can reproduce the same message on my system if I comment out the following java option JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslProtocol=SSL_TLS".  BY default the server.startup should be setting up the SSL_TLS option like the technote in the last comment explains.


What you need to investigate, is you server startup process:

Why are you missing this option?  
Are you using the right server.startup?  
  Some organization transform the Tomcat home to fit their needs, are there requirements in you environment that changes the startup sequence?
Is it possible that you are using a initd (Unix services to startup the server and some of the required Java option are missing?

I would recommend to open a PMR if you need further investigation.



 This is the Linux Platform I tested on


Linux someserver.ibm.com 2.6.32-431.11.2.el6.x86_64 #1 SMP Mon Mar 3 13:32:45 EST 2014 x86_64 x86_64 x86_64 GNU/Linux

And the next two section are the update I did in the server.startup, and the output form the tomcat JVM after startup.

<EXTRACT server.startup

# For Mac OS X (unsupported, but used by developers)
if [ uname = Darwin ];
  then
   ... (removed due to limit of numb or char aloud)
  else
    JRE_HOME=pwd/jre
#    JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslProtocol=SSL_TLS"
    JAVA_OPTS="$JAVA_OPTS -Djazz.connector.algorithm=IbmX509"
fi

<EXTRACT/>



 Log Output


<LOG Catalina.out>
...Apr 28, 2014 12:36:08 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-9443"]
Apr 28, 2014 12:36:09 PM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-9443"]
Throwable occurred: java.io.IOException: ${jazz.connector.sslProtocol} SSLContext not available
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:475)
   ...
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Caused by: java.security.NoSuchAlgorithmException: ${jazz.connector.sslProtocol} SSLContext not available
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:210)
<LOGS>



Permanent link
Hi I checked server.startup the line of SSL_TLS is not commented out.
See below:
# For Mac OS X (unsupported, but used by developers)
if [ `uname` = Darwin ];
  then
    JRE_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home
    JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslProtocol=TLS"
    JAVA_OPTS="$JAVA_OPTS -Djazz.connector.algorithm=SunX509"
  else
    JRE_HOME=`pwd`/jre
    JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslProtocol=SSL_TLS"
    JAVA_OPTS="$JAVA_OPTS -Djazz.connector.algorithm=IbmX509"
fi

0 votes


Permanent link
on the cannot startup same day, I just knew that the openssl has been just updated.
OpenSSL 1.0.1e-fips 11 Feb 2013
so when the openssl updated? whether the ibm-team-ssl.keystore
<Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" algorithm="IbmX509" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keystoreFile="ibm-team-ssl.keystore" keystorePass="ibm-team" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="9443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="${jazz.connector.sslProtocol}"/>


0 votes

Comments

Can you please clarify "so when the openssl updated? whether the ibm-team-ssl.keystore" 


Are you asking if the ibm-team-ssl.keystore is the concern? and does it require an update because of the change to your openssl libraries?


Permanent link
sorry for loss pasting content.
I remember the openssl is updated due to "Heart Bleed".
Yes, I'm asking whether the keystore is the concern?whether the keystore file needs to be updated or not.

0 votes

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 36

Question asked: Apr 28 '14, 8:54 a.m.

Question was seen: 15,139 times

Last updated: May 04 '14, 12:27 a.m.

Confirmation Cancel Confirm