Hi, We have a two node Solr setup(version is 7.2.1) with embedded zookeeper running in Solr Server 1.
We have recently enabled SSL and also enabled basic authentication and RuleBasedAuthorizationPlugin. As part of testing, created new user with admin role and assigned the permissions "collection-admin-read" & “read” to this role. When I try to query a data for any collection name, the system is unable to talk with shards of other server. I am getting the following error in both command line and Solr admin browser. Can someone help me to identify what configurations I am missing? Let me know if you need any more info. Followed this url for SSL setup: https://lucene.apache.org/solr/guide/7_2/enabling-ssl.html Command used: curl --cacert solr-ssl.cacert.pem --user solr:SolrRocks https://solr-node-1:8080/solr/<COLLECTION_NAME>/select?q=*:* Error: { "error":{ "metadata":[ "error-class","org.apache.solr.common.SolrException", "root-error-class","sun.security.provider.certpath.SunCertPathBuilderException"], "msg":"Error trying to proxy request for url: https://solr-node-2:8080/solr/ba_test/select";, "trace":"org.apache.solr.common.SolrException: Error trying to proxy request for url: https://solr-node-2:8080/solr/ba_test/select\n\tat org.apache.solr.servlet.HttpSolrCall.remoteQuery(HttpSolrCall.java:646)\n\tat org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:500)\n\tat org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:382)\n\tat org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:326)\n\tat org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751)\n\tat org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)\n\tat org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)\n\tat org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)\n\tat org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)\n\tat org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)\n\tat org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)\n\tat org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)\n\tat org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)\n\tat org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)\n\tat org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)\n\tat org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)\n\tat org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)\n\tat org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335)\n\tat org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)\n\tat org.eclipse.jetty.server.Server.handle(Server.java:534)\n\tat org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)\n\tat org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)\n\tat org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)\n\tat org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)\n\tat org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:251)\n\tat org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)\n\tat org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)\n\tat org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)\n\tat org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)\n\tat org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)\n\tat org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)\n\tat org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)\n\tat org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)\n\tat java.lang.Thread.run(Thread.java:748)\nCaused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n\tat sun.security.ssl.Alerts.getSSLException(Alerts.java:192)\n\tat sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)\n\tat sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)\n\tat sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)\n\tat sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)\n\tat sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)\n\tat sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)\n\tat sun.security.ssl.Handshaker.process_record(Handshaker.java:961)\n\tat sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)\n\tat sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)\n\tat sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)\n\tat sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)\n\tat org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)\n\tat org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)\n\tat org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)\n\tat org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)\n\tat org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)\n\tat org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)\n\tat org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)\n\tat org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)\n\tat org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)\n\tat org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)\n\tat org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)\n\tat org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)\n\tat org.apache.solr.servlet.HttpSolrCall.remoteQuery(HttpSolrCall.java:618)\n\t... 33 more\nCaused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n\tat sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)\n\tat sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)\n\tat sun.security.validator.Validator.validate(Validator.java:260)\n\tat sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)\n\tat sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)\n\tat sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)\n\tat sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)\n\t... 53 more\nCaused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\n\tat sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)\n\tat sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)\n\tat java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)\n\tat sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)\n\t... 59 more\n", "code":500}} Regards, Sathish.
