Strange error in catalina.out: "SEVERE: Error initializing endpoint java.net.BindException: Address already in use <null>:8443"
christian.munive at gmail.com
Wed Sep 17 17:26:53 EDT 2014
Hi. Yep, I just finished setting up a couple of IdPs, one with Apache +
Tomcat, and another with Tomcat alone, the latter following your guide.
The errors in catalina.out are gone and both work nicely. And you're right,
it's more simple / easy to use Tomcat alone. I got a bit confused with the
configuration instructions, trying to "complete" the SWITCH configuration
with bits from the Shib guide... but it's clear for me now.
2014-09-16 10:39 GMT-05:00 Peter Schober <peter.schober at univie.ac.at>:
> * Christian Munive <christian.munive at gmail.com> [2014-09-16 16:19]:
> > I see... thanks Peter. Yeah, I was trying to follow these instructions:
> > https://www.switch.ch/aai/docs/shibboleth/SWITCH/latest/idp/deployment/
> > But also including the instructions from the main site:
> Yeah, you can't combine those. The SWITCH guide uses httpd (and is
> complete/sufficient by itself), the Shib wiki only has the
> instructions to add SOAP support to Tomcat when using Tomcat solo
> (there's your conflict with httpd and the SWITCH docs).
> The Shib wiki also does not detail setting up TLS/SSL for port 443
> (since this is not Shib specific).
> If you want to try or compare yet another set of third party
> documentation (for Tomcat solo, incl TLS setup) have a look at my own:
> Contact me off-list for any questions about that, of course.
> > I just tried what you recommended (using the port 443 only) and the
> > problem went away.
> I did not say anything that amounts to "using the port 443 only":
> For Tomcat+httpd you'd use Tomcat on port 8009 only, and let httpd
> proxy and serve 443 and 8443.
> For Tomcat solo you'd serve 443 and 8443 from Tomcat itself.
> > I'll give it a thought and see which port / configuration might be
> > the better one.
> Somewhat academic, but things to consider:
> * 2 servers (Tomcat+httpd) needed for 1 purpose vs. 1 server (Tomcat solo):
> * ease of running the JVM as non-root (also depends on
> OS/distribution; it's trivial on Debian/Ubuntu; I have a locally
> rolled SRPM for authbind if you wanted to have the same on RHEL-like
> * ease of configuring TLS/SSL (though with PKCS#12 support in Tomcat
> the pain of managing JKS goes away, see my documentation above):
> * versions of Tomcat available through package management (for
> security updates) in the OS/distribution you're using, and the
> availability of the DelegateToApplication extension for Tomcat:
> * ease of adding container-based authentication for ECP
> These are the main points, I feel.
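An added example, not part of the thread or of either guide: a pre-start check that reads httpd `Listen` directives and Tomcat `<Connector>` ports and reports any port both daemons would try to bind, which is the mixed-guide situation behind the `BindException` on 8443. The two sample configs are constructed, and the check assumes both servers run on one host and bind the wildcard address.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample configs (not from the thread): httpd already serves
# 443/8443, while server.xml still carries a leftover 8443 connector.
HTTPD_CONF = """\
Listen 443
Listen 8443
# Listen 8080
ProxyPass /idp/ ajp://localhost:8009/idp/
"""

SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"/>
  </Service>
</Server>
"""

def httpd_ports(conf):
    """Ports from uncommented httpd Listen directives ([addr:]port [proto])."""
    ports = set()
    for line in conf.splitlines():
        m = re.match(r"\s*Listen\s+(?:\S+:)?(\d+)\b", line, re.IGNORECASE)
        if m:
            ports.add(int(m.group(1)))
    return ports

def tomcat_ports(server_xml):
    """Map port -> protocol for each <Connector>, plus the shutdown port."""
    root = ET.fromstring(server_xml)
    ports = {}
    if root.get("port") not in (None, "-1"):  # -1 disables the shutdown port
        ports[int(root.get("port"))] = "shutdown"
    for connector in root.iter("Connector"):
        ports[int(connector.get("port"))] = connector.get("protocol", "HTTP/1.1")
    return ports

def conflicts(conf, server_xml):
    """Ports that both httpd and Tomcat are configured to bind."""
    tomcat = tomcat_ports(server_xml)
    return {p: tomcat[p] for p in httpd_ports(conf) & set(tomcat)}

if __name__ == "__main__":
    for port, proto in sorted(conflicts(HTTPD_CONF, SERVER_XML).items()):
        print(f"port {port}: httpd Listen and Tomcat {proto} connector both bind it")
```
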