My guess is that you're using a self-signed cert and the certificate path can't be verified. Either that or your cert was signed by a CA that your JVM doesn't recognize. There's a good article about diagnosing SSL problems here:
https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html Good luck! -Scott On Fri, Jan 18, 2019 at 6:03 AM sathish kumar <mailtosathish1...@gmail.com> wrote: > Hi, > Anyone got a chance to have a look at the issue i had posted? > Please throw some inputs. > > -Sathish > > On Fri, 11 Jan 2019, 8:10 pm sathish kumar, <mailtosathish1...@gmail.com> > wrote: > > > Hi, > > > > We have a two node Solr setup(version is 7.2.1) with embedded zookeeper > > running in Solr Server 1. > > > > We have recently enabled SSL and also enabled basic authentication and > > RuleBasedAuthorizationPlugin. > > > > As part of testing, created new user with admin role and assigned the > > permissions "collection-admin-read" & “read” to this role. > > > > When I try to query a data for any collection name, the system is unable > > to talk with shards of other server. > > > > I am getting the following error in both command line and Solr admin > > browser. > > > > Can someone help me to identify what configurations I am missing? Let me > > know if you need any more info. > > > > > > > > Followed this url for SSL setup: > > https://lucene.apache.org/solr/guide/7_2/enabling-ssl.html > > > > Command used: curl --cacert solr-ssl.cacert.pem --user solr:SolrRocks > > https://solr-node-1:8080/solr/<COLLECTION_NAME>/select?q=*:* > > > > > > Error: > > > > { > > > > "error":{ > > > > "metadata":[ > > > > "error-class","org.apache.solr.common.SolrException", > > > > > > > "root-error-class","sun.security.provider.certpath.SunCertPathBuilderException"], > > > > "msg":"Error trying to proxy request for url: > > https://solr-node-2:8080/solr/ba_test/select";, > > > > "trace":"org.apache.solr.common.SolrException: Error trying to proxy > > request for url: https://solr-node-2:8080/solr/ba_test/select\n\tat > > > org.apache.solr.servlet.HttpSolrCall.remoteQuery(HttpSolrCall.java:646)\n\tat > > org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:500)\n\tat > > > org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:382)\n\tat > > > org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:326)\n\tat > > > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751)\n\tat > > > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)\n\tat > > > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)\n\tat > > > org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)\n\tat > > > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)\n\tat > > > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)\n\tat > > > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)\n\tat > > > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)\n\tat > > > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)\n\tat > > > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)\n\tat > > > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)\n\tat > > > org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)\n\tat > > > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)\n\tat > > > org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335)\n\tat > > > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)\n\tat > > org.eclipse.jetty.server.Server.handle(Server.java:534)\n\tat > > org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)\n\tat > > > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)\n\tat > > org.eclipse.jetty.io > .AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)\n\tat > > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)\n\tat > > > org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:251)\n\tat > > org.eclipse.jetty.io > .AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)\n\tat > > org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)\n\tat > > org.eclipse.jetty.io > .SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)\n\tat > > > org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)\n\tat > > > org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)\n\tat > > > org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)\n\tat > > > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)\n\tat > > > org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)\n\tat > > java.lang.Thread.run(Thread.java:748)\nCaused by: > > javax.net.ssl.SSLHandshakeException: > > sun.security.validator.ValidatorException: PKIX path building failed: > > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find > > valid certification path to requested target\n\tat > > sun.security.ssl.Alerts.getSSLException(Alerts.java:192)\n\tat > > sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)\n\tat > > sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)\n\tat > > sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)\n\tat > > > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)\n\tat > > > sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)\n\tat > > sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)\n\tat > > sun.security.ssl.Handshaker.process_record(Handshaker.java:961)\n\tat > > sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)\n\tat > > > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)\n\tat > > > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)\n\tat > > > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)\n\tat > > > org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)\n\tat > > > org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)\n\tat > > > org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)\n\tat > > > org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)\n\tat > > > org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)\n\tat > > > org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)\n\tat > > > org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)\n\tat > > org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)\n\tat > > > org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)\n\tat > > > org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)\n\tat > > > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)\n\tat > > > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)\n\tat > > > org.apache.solr.servlet.HttpSolrCall.remoteQuery(HttpSolrCall.java:618)\n\t... > > 33 more\nCaused by: sun.security.validator.ValidatorException: PKIX path > > building failed: > > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find > > valid certification path to requested target\n\tat > > > sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)\n\tat > > > sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)\n\tat > > sun.security.validator.Validator.validate(Validator.java:260)\n\tat > > > sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)\n\tat > > > sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)\n\tat > > > sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)\n\tat > > > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)\n\t... > > 53 more\nCaused by: > > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find > > valid certification path to requested target\n\tat > > > sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)\n\tat > > > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)\n\tat > > java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)\n\tat > > > sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)\n\t... > > 59 more\n", > > > > "code":500}} > > > > > > > > > > > > Regards, > > > > Sathish. > > > > > > > -- Scott Stults | Founder & Solutions Architect | OpenSource Connections, LLC | 434.409.2780 http://www.opensourceconnections.com
