SSL on Tomcat -- No, not your typical question!

Ned Ryerson
Greenhorn

Joined: Mar 05, 2010
Posts: 12
I promise, this isn't a request for some hand holding / instructions on how to get and install a cert.

In fact I am well past that point, I generated the keystore.tomcat file, joined it with the cert bundle from godaddy, successfully configured server.xml to point to it and now get no errors on startup related to any of the ssl with ONE exception!

I get this error in catalina.out:

Mar 19, 2010 6:42:57 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Mar 19, 2010 6:42:57 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8443
Mar 19, 2010 6:42:57 AM org.apache.coyote.http11.Http11Protocol start
SEVERE: Error starting endpoint
java.net.BindException: Address already in use <null>:8443
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:549)
at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203)
at org.apache.catalina.connector.Connector.start(Connector.java:1080)
at org.apache.catalina.core.StandardService.start(StandardService.java:531)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.net.BindException: Address already in use
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:359)
at java.net.ServerSocket.bind(ServerSocket.java:319)
at java.net.ServerSocket.<init>(ServerSocket.java:185)
at java.net.ServerSocket.<init>(ServerSocket.java:141)
at javax.net.ssl.SSLServerSocket.<init>(SSLServerSocket.java:84)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.<init>(SSLServerSocketImpl.java:79)
at com.sun.net.ssl.internal.ssl.SSLServerSocketFactoryImpl.createServerSocket(SSLServerSocketFactoryImpl.java:65)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:131)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
... 12 more
Mar 19, 2010 6:42:57 AM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.net.BindException: Address already in use <null>:8443
at org.apache.catalina.connector.Connector.start(Connector.java:1087)
at org.apache.catalina.core.StandardService.start(StandardService.java:531)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Mar 19, 2010 6:42:57 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 2281 ms



Clearly it thinks there is a conflict on port 8443. When I use various tools (netstat, nmap) to check the port, it shows it's being used by the PID for Tomcat... and yet when I go to https://mywebsite:8443 it sits and loads till it times out.

When I go to http://mywebsite.com:8080 I do see the splash page.

So then I thought maybe there is a conflict with my webserver... so I shut the webserver down, restarted Tomcat... no change. So then I thought maybe it didn't like me starting up on 8080 and 8443 at the same time? So I commented 8080 out, and restarted Tomcat... No change (except 8080 doesn't work of course).

Any help??
Misha Ver
Ranch Hand

Joined: Mar 03, 2008
Posts: 470
Are you sure it is "not typical question"? Use the JavaRanch search feature for "Address already in use" in the Tomcat forum.
http://faq.javaranch.com/java/SearchFirst
Ned Ryerson
Greenhorn

Joined: Mar 05, 2010
Posts: 12
Most people had a genuine server port conflict, I took steps to see if that was my issue, and it is not.

So yes, it is an atypical question as far as I can see...

Unless I missed where someone checked for port conflict, found that not to be the issue, then resolved it in some other way??

Thanks!
Misha Ver
Ranch Hand

Joined: Mar 03, 2008
Posts: 470
Ned Ryerson wrote: Most people had a genuine server port conflict, I took steps to see if that was my issue, and it is not.


How about stopping Tomcat and checking port 8443 again? Maybe there is another Tomcat instance on the same machine?
Ned Ryerson
Greenhorn

Joined: Mar 05, 2010
Posts: 12
Hi, yeah I tried that and the port frees up when tomcat is stopped. Only one instance of tomcat exists...

Hence why this is strange!

I'm really not sure where to go from here.
Misha Ver
Ranch Hand

Joined: Mar 03, 2008
Posts: 470
Next step would be to post your $CATALINA_HOME/conf/server.xml file, perhaps there is a misconfiguration.
Ned Ryerson
Greenhorn

Joined: Mar 05, 2010
Posts: 12
Cool, here it is (keystore pass changed for security)

Thanks!

Misha Ver
Ranch Hand

Joined: Mar 03, 2008
Posts: 470
Looks like you are defining the SSL connector twice on the same port. I guess you want to use only the second one.
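
A check for the misconfiguration diagnosed above, as an added example that is not part of the thread: it parses a server.xml and reports every port claimed by more than one <Connector>, which is what produces "Address already in use" from Tomcat's own PID. The embedded server.xml is constructed for illustration (the poster's file is not shown on the page), the keystore path and password are placeholders, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed server.xml for illustration; the poster's real file is not on the page.
# keystoreFile and keystorePass are placeholders.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/> -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
               keystoreFile="/path/to/keystore.tomcat" keystorePass="CHANGE_ME"/>
    <Engine name="Catalina" defaultHost="localhost"/>
  </Service>
</Server>
"""


def conflicting_connectors(server_xml):
    """Map each port to its <Connector> attribute dicts when two or more
    connectors would bind the same socket (hypothetical helper)."""
    by_port = defaultdict(list)
    # Commented-out connectors are XML comments, so iter() never sees them.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "")
        if port.isdigit():  # skip ${property} placeholders
            by_port[int(port)].append(dict(conn.attrib))
    conflicts = {}
    for port, conns in by_port.items():
        addrs = [c.get("address") for c in conns]
        # No address attribute means "all interfaces", which collides with
        # every other connector on that port.
        if len(conns) > 1 and (None in addrs or len(set(addrs)) < len(addrs)):
            conflicts[port] = conns
    return conflicts


if __name__ == "__main__":
    for port, conns in conflicting_connectors(SAMPLE_SERVER_XML).items():
        print(f"port {port} is declared by {len(conns)} connectors:")
        for c in conns:
            print("  keystoreFile =", c.get("keystoreFile", "(not set)"))
```

In the constructed file only the second 8443 connector names a keystore, so that is the one to keep.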

Ned Ryerson
Greenhorn

Joined: Mar 05, 2010
Posts: 12
Hmm... I was following the apache instructions here:

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

Under Edit the Tomcat Configuration File

Did I misread what is there? I'll try it now without the first statement, see what happens...
Ned Ryerson
Greenhorn

Joined: Mar 05, 2010
Posts: 12
Wow, that got rid of the error, so thank you for that!!

I still can't access the site at https://mysite.com:8443 though... hmm.

Here is catalina.out with that fix in place... any help is greatly appreciated!
