Tomcat thread pool exhaustion.
Tomcat
1export PATH_TO_SSL_CERTIFICATE="PLACEHOLDER"23export PORT_NUMBER="PLACEHOLDER"45export HOSTNAME="PLACEHOLDER"67export CIPHER_SUITE="PLACEHOLDER"89export PATH_TO_CERTIFICATE="PLACEHOLDER"1011export SERVER_CIPHER_SUITE="PLACEHOLDER"1213export CLIENT_CIPHER_SUITE="PLACEHOLDER"
systemctl status tomcat.service
grep -i "ssl" /etc/tomcat/conf/server.xml
openssl x509 -enddate -noout -in ${PATH_TO_SSL_CERTIFICATE}
openssl s_client -connect ${HOSTNAME}:${PORT_NUMBER} -tls1_2
openssl s_client -connect ${HOSTNAME}:${PORT_NUMBER} -tls1_2 -cipher ${CIPHER_SUITE}
ping ${HOSTNAME}
iptables -L
1#!/bin/bash2345# Set the path to the SSL certificate67CERT_PATH=${PATH_TO_CERTIFICATE}891011# Verify that the certificate is valid and properly installed1213openssl x509 -in $CERT_PATH -noout -check14151617# If the certificate is not valid, print an error message and exit1819if [ $? -ne 0 ]; then2021 echo "Error: The SSL certificate is not valid or is not properly installed."2223 exit 12425fi26272829# If the certificate is valid, print a success message3031echo "Success: The SSL certificate is valid and properly installed."
1#!/bin/bash2345# Set variables for client and server cipher suites67client_cipher_suite=${CLIENT_CIPHER_SUITE}89server_cipher_suite=${SERVER_CIPHER_SUITE}10111213# Check the current cipher suite configuration on the server1415current_server_cipher_suite=$(grep -i sslprotocol /etc/tomcat/server.xml)16171819# If the current server cipher suite is not the same as the desired one, update the server configuration2021if [[ $current_server_cipher_suite != *$server_cipher_suite* ]]; then2223 sed -i 's|.*sslProtocol=.*| sslProtocol="$server_cipher_suite"|g' /etc/tomcat/server.xml2425 systemctl restart tomcat2627fi28293031# Check the current cipher suite configuration on the client3233current_client_cipher_suite=$(grep -i sslprotocol /etc/httpd/conf.d/ssl.conf)34353637# If the current client cipher suite is not the same as the desired one, update the client configuration3839if [[ $current_client_cipher_suite != *$client_cipher_suite* ]]; then4041 sed -i 's|.*SSLCipherSuite .*| SSLCipherSuite $client_cipher_suite|g' /etc/httpd/conf.d/ssl.conf4243 systemctl restart httpd4445fi
Check out these related runbooks to help you debug and resolve similar issues.