"SSLContext not available" in tomcat catalina log when RQM(4.0.3) startup on Redhat Linux 6.3
tomcat catalina log:
Apr 28, 2014 3:13:31 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
Apr 28, 2014 3:13:31 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Realm} Setting property 'debug' to '99' did not find a matching property.
Apr 28, 2014 3:13:31 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-9080"]
Apr 28, 2014 3:13:31 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-9443"]
Apr 28, 2014 3:13:31 PM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-9443"]
java.io.IOException: ${jazz.connector.sslProtocol} SSLContext not available
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:475)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:393)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
at org.apache.catalina.startup.Catalina.load(Catalina.java:658)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:622)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Caused by: java.security.NoSuchAlgorithmException: ${jazz.connector.sslProtocol} SSLContext not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:142)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:488)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:448)
... 19 more
Apr 28, 2014 3:13:31 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
Apr 28, 2014 3:13:31 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Realm} Setting property 'debug' to '99' did not find a matching property.
Apr 28, 2014 3:13:31 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-9080"]
Apr 28, 2014 3:13:31 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-9443"]
Apr 28, 2014 3:13:31 PM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-9443"]
java.io.IOException: ${jazz.connector.sslProtocol} SSLContext not available
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:475)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:393)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
at org.apache.catalina.startup.Catalina.load(Catalina.java:658)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:622)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Caused by: java.security.NoSuchAlgorithmException: ${jazz.connector.sslProtocol} SSLContext not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:142)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:488)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:448)
... 19 more
4 answers
Yes, I'm using the server.startup script.
Yeah, I read that page too. But it's on windows for RTC not RQM.
And I can see SSL is defined on server.xml under tomcat/conf
<!-- Define a SSL HTTP/1.1 Connector on port 9443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!--
<Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" algorithm="${jazz.connector.algorithm}" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keystoreFile="ibm-team-ssl.keystore" keystorePass="ibm-team" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="9443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="${jazz.connector.sslProtocol}"/>
Comments
I not sure what is happening on you system, but I can reproduce the same message on my system if I comment out the following java option JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslProtocol=SSL_TLS". BY default the server.startup should be setting up the SSL_TLS option like the technote in the last comment explains.
What you need to investigate, is you server startup process:
Why are you missing this option?
Are you using the right server.startup?
Some organization transform the Tomcat home to fit their needs, are there requirements in you environment that changes the startup sequence?
Is it possible that you are using a initd (Unix services to startup the server and some of the required Java option are missing?
I would recommend to open a PMR if you need further investigation.
This is the Linux Platform I tested on
Linux someserver.ibm.com 2.6.32-431.11.2.el6.x86_64 #1 SMP Mon Mar 3 13:32:45 EST 2014 x86_64 x86_64 x86_64 GNU/Linux
And the next two section are the update I did in the server.startup, and the output form the tomcat JVM after startup.
<EXTRACT server.startup
# For Mac OS X (unsupported, but used by developers)
if [
uname
= Darwin ];
then
... (removed due to limit of numb or char aloud)
else
JRE_HOME=
pwd
/jre
# JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslProtocol=SSL_TLS"
JAVA_OPTS="$JAVA_OPTS -Djazz.connector.algorithm=IbmX509"
fi
<EXTRACT/>
Log Output
<LOG Catalina.out>
...Apr 28, 2014 12:36:08 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-9443"]
Apr 28, 2014 12:36:09 PM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-9443"]
Throwable occurred: java.io.IOException: ${jazz.connector.sslProtocol} SSLContext not available
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:475)
...
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:450)
Caused by: java.security.NoSuchAlgorithmException: ${jazz.connector.sslProtocol} SSLContext not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:210)
<LOGS>
Hi I checked server.startup the line of SSL_TLS is not commented out.
See below:
# For Mac OS X (unsupported, but used by developers)
if [ `uname` = Darwin ];
then
JRE_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home
JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslProtocol=TLS"
JAVA_OPTS="$JAVA_OPTS -Djazz.connector.algorithm=SunX509"
else
JRE_HOME=`pwd`/jre
JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslProtocol=SSL_TLS"
JAVA_OPTS="$JAVA_OPTS -Djazz.connector.algorithm=IbmX509"
fi
See below:
# For Mac OS X (unsupported, but used by developers)
if [ `uname` = Darwin ];
then
JRE_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home
JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslProtocol=TLS"
JAVA_OPTS="$JAVA_OPTS -Djazz.connector.algorithm=SunX509"
else
JRE_HOME=`pwd`/jre
JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslProtocol=SSL_TLS"
JAVA_OPTS="$JAVA_OPTS -Djazz.connector.algorithm=IbmX509"
fi
on the cannot startup same day, I just knew that the openssl has been just updated.
OpenSSL 1.0.1e-fips 11 Feb 2013
so when the openssl updated? whether the ibm-team-ssl.keystore
<Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" algorithm="IbmX509" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keystoreFile="ibm-team-ssl.keystore" keystorePass="ibm-team" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="9443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="${jazz.connector.sslProtocol}"/>
OpenSSL 1.0.1e-fips 11 Feb 2013
so when the openssl updated? whether the ibm-team-ssl.keystore
<Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" algorithm="IbmX509" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keystoreFile="ibm-team-ssl.keystore" keystorePass="ibm-team" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="9443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="${jazz.connector.sslProtocol}"/>
Comments
Philippe Chevalier
JAZZ DEVELOPER Apr 28 '14, 11:13 a.m.There is really not enough information to go on here, Are you trying to start the server via the Tomcat services, of using the the server.startup script.
Doing a quick search on the net I found the following technote that can help explain the situation.
Tomcat as a Windows Service fails with SSLContext error when using Rational Team Concert
http://www-01.ibm.com/support/docview.wss?uid=swg21460726
Hope this helps