I can get SSL working without JmxRemoteLifecycleListener, and I can get JmxRemoteLifecycleListener to work correctly without SSL. However if I try to use both I get the following error in catalina.out:
failed loading capabilities library -- /usr/lib/libcap.so: cannot open shared object file: No such file or directory. Jan 16, 2014 4:34:20 PM org.apache.catalina.mbeans.JmxRemoteLifecycleListener createServer SEVERE: The JMX connector server could not be created or failed to start for the Platform server java.io.IOException: Cannot bind to URL [rmi://localhost:1900/jmxrmi]: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: non-JRMP server at remote endpoint] at javax.management.remote.rmi.RMIConnectorServer.newIOException(Unknown Source) at javax.management.remote.rmi.RMIConnectorServer.start(Unknown Source) at org.apache.catalina.mbeans.JmxRemoteLifecycleListener.createServer(JmxRemoteLifecycleListener.java:304) at org.apache.catalina.mbeans.JmxRemoteLifecycleListener.lifecycleEvent(JmxRemoteLifecycleListener.java:258) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:347) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:725) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) at org.apache.catalina.startup.Catalina.start(Catalina.java:691) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:322) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:243) Caused by: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: non-JRMP server at remote endpoint] at com.sun.jndi.rmi.registry.RegistryContext.bind(Unknown Source) at com.sun.jndi.toolkit.url.GenericURLContext.bind(Unknown Source) at javax.naming.InitialContext.bind(Unknown Source) at javax.management.remote.rmi.RMIConnectorServer.bind(Unknown Source) ... 20 more Caused by: java.rmi.ConnectIOException: non-JRMP server at remote endpoint at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source) at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source) at sun.rmi.server.UnicastRef.newCall(Unknown Source) at sun.rmi.registry.RegistryImpl_Stub.bind(Unknown Source) ... 24 more the ports still get opened but I can not connect via jconsole using ssl or not. If I set com.sun.management.jmxremote.ssl=true I can connect properly without ssl. The relevant configuration from server.xml: <Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="1900" rmiServerPortPlatform="11900" /> and java properties: -Djavax.net.ssl.keyStore=$KEYSTORE -Djavax.net.ssl.keyStorePassword=$KEY_PASS -Dcom.sun.management.jmxremote.ssl.need.client.auth=true -Djavax.net.ssl.trustStore=$TRUSTSTORE -Djavax.net.ssl.trustStorePassword=$TRUST_PASS -Dcom.sun.management.jmxremote.registry.ssl=true -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Djava.rmi.server.hostname=$HOST_IP -Dcom.sun.management.jmxremote.ssl=true Is it supported to use these together? If so what am I doing wrong? Thanks, Erik