[
https://issues.apache.org/jira/browse/SOLR-14377?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ravi Prakash updated SOLR-14377:
--------------------------------
Attachment: image-2020-04-02-18-52-59-662.png
image-2020-04-02-18-54-16-255.png
> Solr with private SSL certificate not working
> ---------------------------------------------
>
> Key: SOLR-14377
> URL: https://issues.apache.org/jira/browse/SOLR-14377
> Project: Solr
> Issue Type: Test
> Security Level: Public(Default Security Level. Issues are Public)
> Components: SolrCLI
> Affects Versions: 8.4.1
> Environment: Centos 7
> Solr-8.4.1
> java -version
> openjdk version "1.8.0_121"
> OpenJDK Runtime Environment (build 1.8.0_121-b13)
> OpenJDK 64-Bit Server VM (build 25.121-b13, mixed mode)
> Reporter: Ravi Prakash
> Priority: Major
> Labels: SSL
> Attachments: image-2020-04-02-18-52-59-662.png,
> image-2020-04-02-18-54-16-255.png
>
>
> I installed solr-8.4.1 on centos 7, and tried to add SSL certificate to
> bin/solr.in.sh file.
> ===
> #Enables HTTPS. It is implictly true if you set SOLR_SSL_KEY_STORE. Use this
> config
> # to enable https module with custom jetty configuration.
> *SOLR_SSL_ENABLED=true*
> # Uncomment to set SSL-related system properties
> # Be sure to update the paths to the correct keystore for your environment
> *SOLR_SSL_KEY_STORE=/opt/solr/server/solr-ssl.keystore.jks
> SOLR_SSL_KEY_STORE_PASSWORD=mypassword
> SOLR_SSL_TRUST_STORE=/opt/solr/server/solr-ssl.keystore.jks
> SOLR_SSL_TRUST_STORE_PASSWORD=mypassword*
> # Require clients to authenticate
> *SOLR_SSL_NEED_CLIENT_AUTH=false*
> # Enable clients to authenticate (but not require)
> *SOLR_SSL_WANT_CLIENT_AUTH=false*
> # Verify client's hostname during SSL handshake
> *SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=false*
> ===
>
> Then I restart the server : service solr restart
> Still all the browser says :
> This site can't provide a secure connection localhsot sent an invalid
> response.
> Try running Windows Network Diagnostics.
> ERR_SSL_PROTOCOL_ERROR
> I checked the logs in /var/solr/logs/solr.log
> 2020-04-02 12:58:33.669 INFO (main) [ ] o.e.j.u.log Logging initialized
> @1856ms to org.eclipse.jetty.util.log.Slf4jLog
> 2020-04-02 12:58:33.870 WARN (main) [ ] o.e.j.s.AbstractConnector Ignoring
> deprecated socket close linger time
> 2020-04-02 12:58:33.870 WARN (main) [ ] o.e.j.x.XmlConfiguration
> Deprecated method public void
> org.eclipse.jetty.server.ServerConnector.setSoLingerTime(int) in
> file:///opt/solr-8.4.1/server/etc/jetty-http.xml
> 2020-04-02 12:58:33.877 INFO (main) [ ] o.e.j.s.Server
> jetty-9.4.19.v20190610; built: 2019-06-10T16:30:51.723Z; git:
> afcf563148970e98786327af5e07c261fda175d3; jvm 1.8.0_121-b13
> 2020-04-02 12:58:33.907 INFO (main) [ ] o.e.j.d.p.ScanningAppProvider
> Deployment monitor [file:///opt/solr-8.4.1/server/contexts/] at interval 0
> 2020-04-02 12:58:34.238 INFO (main) [ ]
> o.e.j.w.StandardDescriptorProcessor NO JSP Support for /solr, did not find
> org.apache.jasper.servlet.JspServlet
> 2020-04-02 12:58:34.251 INFO (main) [ ] o.e.j.s.session
> DefaultSessionIdManager workerName=node0
> 2020-04-02 12:58:34.251 INFO (main) [ ] o.e.j.s.session No
> SessionScavenger set, using defaults
> 2020-04-02 12:58:34.254 INFO (main) [ ] o.e.j.s.session node0 Scavenging
> every 660000ms
> 2020-04-02 12:58:34.362 INFO (main) [ ] o.a.s.s.SolrDispatchFilter Using
> logger factory org.apache.logging.slf4j.Log4jLoggerFactory
> 2020-04-02 12:58:34.368 INFO (main) [ ] o.a.s.s.SolrDispatchFilter ___
> _ Welcome to Apache Solr™ version 8.4.1
> 2020-04-02 12:58:34.368 INFO (main) [ ] o.a.s.s.SolrDispatchFilter / __|
> ___| |_ _ Starting in standalone mode on port 8983
> 2020-04-02 12:58:34.368 INFO (main) [ ] o.a.s.s.SolrDispatchFilter \__ \/
> _ \ | '_| Install dir: /opt/solr
> 2020-04-02 12:58:34.369 INFO (main) [ ] o.a.s.s.SolrDispatchFilter
> |___/\___/_|_| Start time: 2020-04-02T12:58:34.368Z
> 2020-04-02 12:58:34.397 INFO (main) [ ] o.a.s.c.SolrResourceLoader Using
> system property solr.solr.home: /var/solr/data
> 2020-04-02 12:58:34.406 INFO (main) [ ] o.a.s.c.SolrXmlConfig Loading
> container configuration from /var/solr/data/solr.xml
> 2020-04-02 12:58:34.499 INFO (main) [ ] o.a.s.c.SolrXmlConfig MBean server
> found: com.sun.jmx.mbeanserver.JmxMBeanServer@143640d5, but no JMX reporters
> were configured - adding default JMX reporter.
> 2020-04-02 12:58:35.177 INFO (main) [ ] o.a.s.h.c.HttpShardHandlerFactory
> Host whitelist initialized: WhitelistHostChecker [whitelistHosts=null,
> whitelistHostCheckingEnabled=true]
> 2020-04-02 12:58:35.331 WARN (main) [ ] o.e.j.u.s.S.config Trusting all
> certificates configured for
> Client@57eda880[provider=null,keyStore=null,trustStore=null]
> 2020-04-02 12:58:35.331 WARN (main) [ ] o.e.j.u.s.S.config No Client
> EndPointIdentificationAlgorithm configured for
> Client@57eda880[provider=null,keyStore=null,trustStore=null]
> 2020-04-02 12:58:35.548 WARN (main) [ ] o.e.j.u.s.S.config Trusting all
> certificates configured for
> Client@423e4cbb[provider=null,keyStore=null,trustStore=null]
> 2020-04-02 12:58:35.548 WARN (main) [ ] o.e.j.u.s.S.config No Client
> EndPointIdentificationAlgorithm configured for
> Client@423e4cbb[provider=null,keyStore=null,trustStore=null]
> 2020-04-02 12:58:35.573 WARN (main) [ ] o.a.s.c.CoreContainer Not all
> security plugins configured! authentication=disabled authorization=disabled.
> Solr is only as secure as you make it. Consider configuring
> authentication/authorization before exposing Solr to users internal or
> external. See https://s.apache.org/solrsecurity for more info
> 2020-04-02 12:58:35.765 INFO (main) [ ]
> o.a.s.c.TransientSolrCoreCacheDefault Allocating transient cache for
> 2147483647 transient cores
> 2020-04-02 12:58:35.768 INFO (main) [ ] o.a.s.h.a.MetricsHistoryHandler No
> .system collection, keeping metrics history in memory.
> 2020-04-02 12:58:35.864 INFO (main) [ ] o.a.s.m.r.SolrJmxReporter JMX
> monitoring for 'solr.node' (registry 'solr.node') enabled at server:
> com.sun.jmx.mbeanserver.JmxMBeanServer@143640d5
> 2020-04-02 12:58:35.864 INFO (main) [ ] o.a.s.m.r.SolrJmxReporter JMX
> monitoring for 'solr.jvm' (registry 'solr.jvm') enabled at server:
> com.sun.jmx.mbeanserver.JmxMBeanServer@143640d5
> 2020-04-02 12:58:35.871 INFO (main) [ ] o.a.s.m.r.SolrJmxReporter JMX
> monitoring for 'solr.jetty' (registry 'solr.jetty') enabled at server:
> com.sun.jmx.mbeanserver.JmxMBeanServer@143640d5
> 2020-04-02 12:58:35.915 INFO (main) [ ] o.a.s.c.CorePropertiesLocator
> Found 2 core definitions underneath /var/solr/data
> where Am I doing wrong?
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
