Summary: I'm looking for ideas on how to resolve this "Address already
in use" error when configuring SSL in Tomcat APR.

Environment:
 Running Apache Tomcat/6.0.24
 on Ubuntu 10.04.2 LTS
 with JVM 1.7.0_01-b08

//
// Prior to configuring SSL, and after starting Tomcat I run "netstat
-tulpn" and see that port 8443 is not used:
//
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      29002/mysqld
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2136/sshd
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      12796/java
tcp6       0      0 :::8080                 :::*                    LISTEN      12796/java
tcp6       0      0 :::22                   :::*                    LISTEN      2136/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2087/dhclient3

//
// I stop Tomcat, and add the following to my server.xml file:
//
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="150"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           SSLEnabled="true"
           SSLCertificateKeyFile="/etc/apache2/ssl/myUniqueDomain.com.key"
           SSLCACertificateFile="/etc/apache2/ssl/myUniqueDomain.com.ca.crt" />

//
// I restart Tomcat, and see the following in the catalina.out file:
//
SEVERE: Error starting endpoint
java.lang.Exception: Socket bind failed: [98] Address already in use
        at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:646)
        at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:753)
        at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137)
        at org.apache.catalina.connector.Connector.start(Connector.java:1080)
        at org.apache.catalina.core.StandardService.start(StandardService.java:531)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)

Nov 19, 2011 11:35:19 AM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException:  service.getName(): "Catalina";  Protocol handler start failed: java.lang.Exception: Socket bind failed: [98] Address already in use
        at org.apache.catalina.connector.Connector.start(Connector.java:1087)
        at org.apache.catalina.core.StandardService.start(StandardService.java:531)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)

//
// Running "netstat -tulpn" I see that port 8443 is now being used:
//
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      29002/mysqld
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2136/sshd
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      10696/java
tcp6       0      0 :::8080                 :::*                    LISTEN      10696/java
tcp6       0      0 :::22                   :::*                    LISTEN      2136/sshd
tcp6       0      0 :::8443                 :::*                    LISTEN      10696/java
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2087/dhclient3

If I change <Connector port="8443" to <Connector port="8445", I get
the same error message, and "netstat -tulpn" shows:
tcp6       0      0 :::8445                 :::*                    LISTEN      10696/java

I have also tried adding the following to my server.xml as an
attribute to "<Connector " and still get the same error:
SSLCertificateFile="/etc/apache2/ssl/domain.com.crt"

It appears as if adding a single connector for port 8443 in server.xml
is causing two to attempt to load, thus resulting in a conflict. I've
been searching and reading for two days, looking for ideas on how I
could take this analysis a step further... and am now asking for
ideas.

If it matters, I generated my OpenSSL certificate signing request for
a commercial SSL certificate via:
openssl req -newkey rsa:2048 -days 365 -nodes -keyout myUniqueDomain.com.key -out myUniqueDomain.com.csr

Thanks, Eric Kemp
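
One way to test the "single connector causing two to load" hypothesis from the post above, as an added example that is not part of the original message: list every active Connector in server.xml and report ports claimed more than once. The sample file is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample, not the poster's file: a stock 8443 connector left
# active next to an added APR connector, plus one commented-out connector.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- <Connector port="8443" protocol="AJP/1.3" /> -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true" scheme="https" secure="true" />
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>
"""

def connectors(server_xml):
    """Return every active (non-commented) Connector with its bind details."""
    root = ET.fromstring(server_xml)  # XML comments are dropped by the parser
    found = []
    for service in root.iter("Service"):
        for conn in service.iter("Connector"):
            found.append({
                "service": service.get("name"),
                "port": conn.get("port"),
                # No address attribute means "listen on all interfaces".
                "address": conn.get("address", "*"),
                "protocol": conn.get("protocol", "HTTP/1.1"),
            })
    return found

def conflicting_ports(server_xml):
    """Map port -> connectors, for ports whose bind addresses overlap."""
    by_port = defaultdict(list)
    for conn in connectors(server_xml):
        by_port[conn["port"]].append(conn)
    conflicts = {}
    for port, users in by_port.items():
        addresses = [u["address"] for u in users]
        duplicated = len(addresses) != len(set(addresses))
        wildcard_clash = "*" in addresses and len(addresses) > 1
        if duplicated or wildcard_clash:
            conflicts[port] = users
    return conflicts

if __name__ == "__main__":
    for port, users in conflicting_ports(SAMPLE_SERVER_XML).items():
        for u in users:
            print(port, u["service"], u["address"], u["protocol"])
```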
