JBoss Enterprise Web Server
  1. JBoss Enterprise Web Server
  2. JBEWS-34

EWS on Windows - Tomcat APR doesn't start with SSL configured when there are garbagge DLL's in WINDOWS\System32

    Details

    • Type: Bug Bug
    • Status: Closed Closed (View Workflow)
    • Priority: Critical Critical
    • Resolution: Migrated to another ITS
    • Affects Version/s: EWS 1.0.2
    • Fix Version/s: TBD EWS
    • Security Level: Public (Everyone can see)
    • Labels:
      None
    • Environment:
      Tomcat 6, Windows 2008 64x
    • Similar Issues:
      Show 6 results 

      Description

      STR:

      1) Install OpenSSL from http://www.openssl.org/related/binaries.html
      Make sure to do this on a disposable Windows installation (virtualized)
      2) Configure EWS's Tomcat 6 to use SSL, e.g.:

          <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                     maxThreads="150" scheme="https" secure="true"
                     SSLCertificateFile="c:\Program Files\Red Hat\Enterprise Web Server\etc\ssl\certs\localhost.crt"
                     SSLCertificateKeyFile="c:\Program Files\Red Hat\Enterprise Web Server\etc\ssl\private\localhost.key"
                     clientAuth="false" sslProtocol="TLS" />
      

      3) Start Tomcat. For simplicity, use startup.bat.
      4) With this, Tomcat will show no error anywhere (Event log, console, or tomcat logs), only Tomcat console window flashes, then disappears.

      After consultation with Mladen, we revealed that:

      A) The error can be only seen if you run `catalina.bat run`, which will show you this:

      Jun 16, 2011 6:06:48 PM org.apache.catalina.core.AprLifecycleListener init
      INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
      Jun 16, 2011 6:06:48 PM org.apache.catalina.core.AprLifecycleListener init
      INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
      Jun 16, 2011 6:06:50 PM org.apache.coyote.http11.Http11AprProtocol init
      INFO: Initializing Coyote HTTP/1.1 on http-8080
      OPENSSL_Uplink(0000000007A92000,08): no OPENSSL_Applink
      

      B) It's caused by garbage DLL's in c:\windows\system32 - libeay32.dll, libssl32.dll, ssleay32.dll

      For the record (and searchability), after removing libeay32, APR did not load at all and the error was:

      Jun 16, 2011 6:23:47 PM org.apache.coyote.http11.Http11Protocol init
      INFO: Initializing Coyote HTTP/1.1 on http-8080
      Jun 16, 2011 6:23:48 PM org.apache.tomcat.util.net.jsse.JSSESocketFactory getStore
      SEVERE: Failed to load keystore type JKS with path C:\Users\Administrator/.keystore due to C:\Users\Administrator\.keystore (The system cannot find the file specified)
      java.io.FileNotFoundException: C:\Users\Administrator\.keystore (The system cannot find the file specified)
              at java.io.FileInputStream.open(Native Method)
              at java.io.FileInputStream.<init>(FileInputStream.java:120)
      

      This potential gotcha should be documented - users should be advised to check c:\windows\system32 for files overriding EWS's DLL's.
      This is especially important because Tomcat doesn't log any error and the poor user is left in chaos.

      Maybe EWS could also have a script for this - just something which would list potential troublemakers if present there.

        Activity

        Hide
        Rebecca Newton (Inactive)
        added a comment -

        Hey Ondrej, thanks for the clarification. Reworded and I've slipped it into the Installation Guide under 4.4 Running Enterprise Web Server (on Windows). It will be available with the new build. Offending sentence reworded below:

        "Tomcat therefore does not start, and does not long any error messages about it in Windows Event Log, or Tomcat log files. Errors can only be seen by using catalina.bat run"

        Show
        Rebecca Newton (Inactive)
        added a comment - Hey Ondrej, thanks for the clarification. Reworded and I've slipped it into the Installation Guide under 4.4 Running Enterprise Web Server (on Windows). It will be available with the new build. Offending sentence reworded below: "Tomcat therefore does not start, and does not long any error messages about it in Windows Event Log, or Tomcat log files. Errors can only be seen by using catalina.bat run"
        Hide
        Ondrej Zizka
        added a comment -

        Good. Almost If you change "long" to "log", I call it done.

        Show
        Ondrej Zizka
        added a comment - Good. Almost If you change "long" to "log", I call it done.
        Hide
        Ondrej Zizka
        added a comment -

        Rebecca, pls let's finish this, thx.

        Show
        Ondrej Zizka
        added a comment - Rebecca, pls let's finish this, thx.
        Hide
        Rebecca Newton (Inactive)
        added a comment -

        Okay, I'm updating the stage now. Not sure how I overlooked that! I'll wait for your sign off on JBPAPP-6740 and then update this on the live site.

        Show
        Rebecca Newton (Inactive)
        added a comment - Okay, I'm updating the stage now. Not sure how I overlooked that! I'll wait for your sign off on JBPAPP-6740 and then update this on the live site.
        Hide
        RH Bugzilla Integration
        added a comment -

        This issue has been migrated to Bugzilla bug 899443. Please note that this JIRA issue has been closed as part of the migration and therefore you will need to check the Bugzilla issue to find the current status.

        Show
        RH Bugzilla Integration
        added a comment - This issue has been migrated to Bugzilla bug 899443 . Please note that this JIRA issue has been closed as part of the migration and therefore you will need to check the Bugzilla issue to find the current status.

          People

          • Assignee:
            Rebecca Newton (Inactive)
            Reporter:
            Ondrej Zizka
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: