A possible problem might be that your certificate was generated for "localhost" which is why it works when you go to https://localhost:8985/solr in your browser, but when SolrJ gets the cluster information from ZooKeeper the hostnames of the Solr nodes might be using an IP address which won't work when the SSL/TLS negotiation happens.
If this is the problem you will want to specify the hostname for Solr to use when starting each node by passing "-h localhost". -Bryan On Mon, Oct 31, 2016 at 1:05 PM, sandeep mukherjee < wiredcit...@yahoo.com.invalid> wrote: > I followed the steps to make the solr SSL enabled. I'm able to hit solr > at: https://localhost:8985/solr/problem/select?indent=on&q=*:*&wt=json And > for accessing it through Solr Client I created it as > follows:System.setProperty("javax.net.ssl.keyStore", > "/path/to/solr/server/etc/solr-ssl.keystore.jks"); > System.setProperty("javax.net.ssl.keyStorePassword", "secret"); > System.setProperty("javax.net.ssl.trustStore", "/path/to/solr/server/etc/ > solr-ssl.keystore.jks"); > System.setProperty("javax.net.ssl.trustStorePassword", "secret"); > return new CloudSolrClient.Builder() > .withZkHost(solrConfig.getConnectString()).build(); The path to > the keystore and truststore is correct. However I still get the following > error:Caused by: javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target > at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_45] > at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937) > ~[na:1.8.0_45] > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) ~[na:1.8.0_45] > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[na:1.8.0_45] > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478) > ~[na:1.8.0_45] > at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) > ~[na:1.8.0_45] > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) > ~[na:1.8.0_45] > at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) > ~[na:1.8.0_45] > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050) > ~[na:1.8.0_45] > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363) > ~[na:1.8.0_45] > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391) > ~[na:1.8.0_45] > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375) > ~[na:1.8.0_45] > at > org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543) > ~[httpclient-4.5.1.jar:4.5.1] > at > org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409) > ~[httpclient-4.5.1.jar:4.5.1] > at org.apache.http.impl.conn.DefaultClientConnectionOperato > r.openConnection(DefaultClientConnectionOperator.java:177) > ~[httpclient-4.5.1.jar:4.5.1] > at org.apache.http.impl.conn.ManagedClientConnectionImpl.open( > ManagedClientConnectionImpl.java:304) ~[httpclient-4.5.1.jar:4.5.1] > at org.apache.http.impl.client.DefaultRequestDirector.tryConnect( > DefaultRequestDirector.java:611) ~[httpclient-4.5.1.jar:4.5.1] > at org.apache.http.impl.client.DefaultRequestDirector.execute( > DefaultRequestDirector.java:446) ~[httpclient-4.5.1.jar:4.5.1] > at > org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882) > ~[httpclient-4.5.1.jar:4.5.1] > at > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) > ~[httpclient-4.5.1.jar:4.5.1] > at > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) > ~[httpclient-4.5.1.jar:4.5.1] > at > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) > ~[httpclient-4.5.1.jar:4.5.1] > at org.apache.solr.client.solrj.impl.HttpSolrClient. > executeMethod(HttpSolrClient.java:495) ~[solr-solrj-6.1.0.jar:6.1.0 > 4726c5b2d2efa9ba160b608d46a977d0a6b83f94 - jpountz - 2016-06-13 09:46:59] > ... 26 common frames omitted > Caused by: sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) > ~[na:1.8.0_45] > at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) > ~[na:1.8.0_45] > at sun.security.validator.Validator.validate(Validator.java:260) > ~[na:1.8.0_45] > at > sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) > ~[na:1.8.0_45] > at > sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) > ~[na:1.8.0_45] > at > sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) > ~[na:1.8.0_45] > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460) > ~[na:1.8.0_45] > ... 44 common frames omitted > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target > at sun.security.provider.certpath.SunCertPathBuilder. > build(SunCertPathBuilder.java:145) ~[na:1.8.0_45] > at > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131) > ~[na:1.8.0_45] > at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) > ~[na:1.8.0_45] > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) > ~[na:1.8.0_45] > ... 50 common frames omitted What am I missing? > ThanksSandeep
