tags:

views:

941

answers:

1
Q: 

"Too many open files" on Tomcat Keystore

Hello,

I've recently started getting an error on our Tomcat servers : "Too Many Open Files" and the error goes on to reference the keystore file used for the server's SSL connector. Does anybody have any idea where this could be coming from ? Our server receives a considerable number of connections, but if I push the maximum acceptable connections past 150, the server won't even start (for whatever reason). Is there any way to get Tomcat to cache the keystore in memory so that connections don't have to read from the file repeatedly ?

+1  A: 

I'm going to assume that you're running on Linux, because that's where I have an answer.

First step is to check the ulimit for open files, and try to set it higher in the shell:

ulimit -n

This will probably print 1024, which is the "normal" user limit for Linux. Try setting a higher number:

ulimit -n 2048

If this succeeded, great. Put that command in your login script and you should be good to go. If not, then you need to increase the per-user limit. According to this document, the file that you want to edit is /etc/security/limits.conf

Incidentally, you're (probably) not seeing this because Tomcat keeps reading the same file. The JVM normally opens (and memory-maps) all the JAR files used by your application, and may keep open file handles for config files as well. It just happens to hit the limit when opening the keystore file.

kdgregory  2009-07-15 12:11:06

related questions

Why is access denied when installing SSL cert on IIS 5?
What does a PHP developer need to know about https / secure socket layer connections?
Am I turning away customers by disabling SSL 2.0 and PCT 1.0 in IIS5?
Coding Dojo with IE and SSL
Enforce SSL in code in an ashx handler
How to connect to PostgreSQL from .NET using TLS with both client and server authentication?
HELP SSL GURUs!!! ... Problems with SSL Connection
What's a clean/simple way to ensure the security of a page?
How to specify accepted certificates for Client Authentication in .NET SslStream
SharePoint stream file for preview
Problem with Oracle Application Server SSL Certificates
Is there a limit with the number of SSL connections?
Testing HTTPS files with MAMP
Cheapest SSL certificates
Limiting traffic to SSL version of page only
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Is there a way to make Firefox ignore invalid ssl-certificates?
How do I create a self signed SSL certificate to use while testing a web app.
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
HTTPS in IIS 5.1
How do you redirect HTTPS to HTTP?
Debugging: IE6 + SSL + AJAX + post form = 404 error
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Options for Google Maps over SSL