[jira] [Created] (SOLR-14377) Solr with private SSL certificate not working

Thu, 02 Apr 2020 06:14:52 -0700 

Ravi Prakash created SOLR-14377:
-----------------------------------

             Summary: Solr with private SSL certificate not working
                 Key: SOLR-14377
                 URL: https://issues.apache.org/jira/browse/SOLR-14377
             Project: Solr
          Issue Type: Test
      Security Level: Public (Default Security Level. Issues are Public)
          Components: SolrCLI
    Affects Versions: 8.4.1
         Environment: Centos 7

Solr-8.4.1

java -version
openjdk version "1.8.0_121"
OpenJDK Runtime Environment (build 1.8.0_121-b13)
OpenJDK 64-Bit Server VM (build 25.121-b13, mixed mode)
            Reporter: Ravi Prakash


I installed solr-8.4.1 on centos 7, and tried to add SSL certificate to 
bin/solr.in.sh file.
 ===
 #Enables HTTPS. It is implictly true if you set SOLR_SSL_KEY_STORE. Use this 
config
 # to enable https module with custom jetty configuration.
 *SOLR_SSL_ENABLED=true*
 # Uncomment to set SSL-related system properties
 # Be sure to update the paths to the correct keystore for your environment
 *SOLR_SSL_KEY_STORE=/opt/solr/server/solr-ssl.keystore.jks
 SOLR_SSL_KEY_STORE_PASSWORD=mypassword
 SOLR_SSL_TRUST_STORE=/opt/solr/server/solr-ssl.keystore.jks
 SOLR_SSL_TRUST_STORE_PASSWORD=mypassword*
 # Require clients to authenticate
 *SOLR_SSL_NEED_CLIENT_AUTH=false*
 # Enable clients to authenticate (but not require)
 *SOLR_SSL_WANT_CLIENT_AUTH=false*
 # Verify client's hostname during SSL handshake
 *SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=false*
 ===
 
Then I restart the server : service solr restart

Still all the browser says :

This site can't provide a secure connection localhsot sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR

I checked the logs in /var/solr/logs/solr.log

2020-04-02 12:58:33.669 INFO  (main) [   ] o.e.j.u.log Logging initialized 
@1856ms to org.eclipse.jetty.util.log.Slf4jLog
2020-04-02 12:58:33.870 WARN  (main) [   ] o.e.j.s.AbstractConnector Ignoring 
deprecated socket close linger time
2020-04-02 12:58:33.870 WARN  (main) [   ] o.e.j.x.XmlConfiguration Deprecated 
method public void 
org.eclipse.jetty.server.ServerConnector.setSoLingerTime(int) in 
file:///opt/solr-8.4.1/server/etc/jetty-http.xml
2020-04-02 12:58:33.877 INFO  (main) [   ] o.e.j.s.Server 
jetty-9.4.19.v20190610; built: 2019-06-10T16:30:51.723Z; git: 
afcf563148970e98786327af5e07c261fda175d3; jvm 1.8.0_121-b13
2020-04-02 12:58:33.907 INFO  (main) [   ] o.e.j.d.p.ScanningAppProvider 
Deployment monitor [file:///opt/solr-8.4.1/server/contexts/] at interval 0
2020-04-02 12:58:34.238 INFO  (main) [   ] o.e.j.w.StandardDescriptorProcessor 
NO JSP Support for /solr, did not find org.apache.jasper.servlet.JspServlet
2020-04-02 12:58:34.251 INFO  (main) [   ] o.e.j.s.session 
DefaultSessionIdManager workerName=node0
2020-04-02 12:58:34.251 INFO  (main) [   ] o.e.j.s.session No SessionScavenger 
set, using defaults
2020-04-02 12:58:34.254 INFO  (main) [   ] o.e.j.s.session node0 Scavenging 
every 660000ms
2020-04-02 12:58:34.362 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter Using 
logger factory org.apache.logging.slf4j.Log4jLoggerFactory
2020-04-02 12:58:34.368 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter  ___      
_       Welcome to Apache Solr™ version 8.4.1
2020-04-02 12:58:34.368 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter / __| 
___| |_ _   Starting in standalone mode on port 8983
2020-04-02 12:58:34.368 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter \__ \/ _ 
\ | '_|  Install dir: /opt/solr
2020-04-02 12:58:34.369 INFO  (main) [   ] o.a.s.s.SolrDispatchFilter 
|___/\___/_|_|    Start time: 2020-04-02T12:58:34.368Z
2020-04-02 12:58:34.397 INFO  (main) [   ] o.a.s.c.SolrResourceLoader Using 
system property solr.solr.home: /var/solr/data
2020-04-02 12:58:34.406 INFO  (main) [   ] o.a.s.c.SolrXmlConfig Loading 
container configuration from /var/solr/data/solr.xml
2020-04-02 12:58:34.499 INFO  (main) [   ] o.a.s.c.SolrXmlConfig MBean server 
found: com.sun.jmx.mbeanserver.JmxMBeanServer@143640d5, but no JMX reporters 
were configured - adding default JMX reporter.
2020-04-02 12:58:35.177 INFO  (main) [   ] o.a.s.h.c.HttpShardHandlerFactory 
Host whitelist initialized: WhitelistHostChecker [whitelistHosts=null, 
whitelistHostCheckingEnabled=true]
2020-04-02 12:58:35.331 WARN  (main) [   ] o.e.j.u.s.S.config Trusting all 
certificates configured for 
Client@57eda880[provider=null,keyStore=null,trustStore=null]
2020-04-02 12:58:35.331 WARN  (main) [   ] o.e.j.u.s.S.config No Client 
EndPointIdentificationAlgorithm configured for 
Client@57eda880[provider=null,keyStore=null,trustStore=null]
2020-04-02 12:58:35.548 WARN  (main) [   ] o.e.j.u.s.S.config Trusting all 
certificates configured for 
Client@423e4cbb[provider=null,keyStore=null,trustStore=null]
2020-04-02 12:58:35.548 WARN  (main) [   ] o.e.j.u.s.S.config No Client 
EndPointIdentificationAlgorithm configured for 
Client@423e4cbb[provider=null,keyStore=null,trustStore=null]
2020-04-02 12:58:35.573 WARN  (main) [   ] o.a.s.c.CoreContainer Not all 
security plugins configured!  authentication=disabled authorization=disabled.  
Solr is only as secure as you make it. Consider configuring 
authentication/authorization before exposing Solr to users internal or 
external.  See https://s.apache.org/solrsecurity for more info
2020-04-02 12:58:35.765 INFO  (main) [   ] 
o.a.s.c.TransientSolrCoreCacheDefault Allocating transient cache for 2147483647 
transient cores
2020-04-02 12:58:35.768 INFO  (main) [   ] o.a.s.h.a.MetricsHistoryHandler No 
.system collection, keeping metrics history in memory.
2020-04-02 12:58:35.864 INFO  (main) [   ] o.a.s.m.r.SolrJmxReporter JMX 
monitoring for 'solr.node' (registry 'solr.node') enabled at server: 
com.sun.jmx.mbeanserver.JmxMBeanServer@143640d5
2020-04-02 12:58:35.864 INFO  (main) [   ] o.a.s.m.r.SolrJmxReporter JMX 
monitoring for 'solr.jvm' (registry 'solr.jvm') enabled at server: 
com.sun.jmx.mbeanserver.JmxMBeanServer@143640d5
2020-04-02 12:58:35.871 INFO  (main) [   ] o.a.s.m.r.SolrJmxReporter JMX 
monitoring for 'solr.jetty' (registry 'solr.jetty') enabled at server: 
com.sun.jmx.mbeanserver.JmxMBeanServer@143640d5
2020-04-02 12:58:35.915 INFO  (main) [   ] o.a.s.c.CorePropertiesLocator Found 
2 core definitions underneath /var/solr/data

where Am I doing wrong?
 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to