Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Message-Id: <200304030054.h330sTsl962850@ant.hiwaay.net>
From: Daniel Hallmark <dgh@hiwaay.net>
To: tomcat-user@jakarta.apache.org
Subject: Tomcat SSL hang on startup via ssh on linux box
Date: Wed, 02 Apr 2003 18:54:28 -0600
Sender: dgh@ant.hiwaay.net

I'm running Tomcat 4.1.24 with j2sdk1.4.1_02 under SuSE Linux 8.1.

We have created a java keystore, had our certificate signed by
Thawte, and configured Tomcat to run the SSL connector on port 443.

Running startup.sh from the physical console works flawlessly at all 
times.  Running startup.sh via secure shell (ssh) login works if the 
SSL connector is not enabled.

If I ssh into the box and try to start up Tomcat with SSL enabled,
I get 8 Bootstrap processes that just seem to "hang" around and
never complete.  Specifically, my catalina.out file displays:

Apr 2, 2003 7:17:58 AM org.apache.commons.modeler.Registry loadRegistry
INFO: Loading registry information
Apr 2, 2003 7:17:58 AM org.apache.commons.modeler.Registry getRegistry
INFO: Creating new Registry instance
Apr 2, 2003 7:17:59 AM org.apache.commons.modeler.Registry getServer
INFO: Creating MBeanServer

... and no further activity takes place UNTIL I log into the server
console directly.

As soon as I log in the console, the Bootstrap processes complete
their work and the system is up and running.  I don't have to issue
_any_ commands from the console, just log in and back out.  At that
point my catalina.out file contains the following entries:

Apr 1, 2003 11:45:17 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on port 443
Starting service Tomcat-Standalone
Apache Tomcat/4.1.24
Apr 1, 2003 11:45:26 PM 
com.sun.xml.rpc.server.http.JAXRPCContextListener contextInitialized
INFO: JAX-RPC context listener initializing
Apr 1, 2003 11:45:26 PM 
com.sun.xml.rpc.server.http.JAXRPCServletDelegate init
INFO: JAX-RPC servlet initializing
Apr 1, 2003 11:45:27 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on port 443
Apr 1, 2003 11:45:27 PM org.apache.jk.common.ChannelSocket init
INFO: JK2: ajp13 listening on /0.0.0.0:8009
Apr 1, 2003 11:45:27 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=2/307  
config=/usr/share/tomcat/conf/jk2.properties


I am running the SSL connector directly on port 443 (standalone) and
I am currently starting Tomcat as the root user so it can aquire the
priviledged port (below 1024).  I have seen this same odd startup
behavior with earlier versions of Tomcat and the JDK (4.0 and 1.4.0).

Once the startup is completed, everything works perfectly, including
our SSL certificate, so I don't think there is a problem with the
server.xml or our keystore.

Any suggestions would be greatly appreciated.  I am soon going to lose
physical access to the box and will need to be able to stop and restart
the server remotely via ssh.

I have included the SSL connector portion of my server.xml below.  The
rest of the server.xml is stock from the installation package (except we
aren't running the port 8080 non-ssl connector at all).

Thanks,
Daniel


<!-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS"
           keystoreFile="some_keystore_file"
           keystorePass="some_keystore_password"/>
</Connector>

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org