I also believe this is due to keystore format confusion. How exactly do you generate your keystore, what is the keystore file named, and do you specify the SOLR_SSL_KEY_STORE_TYPE env?
Jan > 28. mai 2020 kl. 04:03 skrev Zheng Lin Edwin Yeo <edwinye...@gmail.com>: > > Hi Mike, > > Thanks for your reply. > > Yes, I have SSL enabled in 8.2.1 as well. The error is there even it I use > the same certificate for 8.2.1, which was working fine there. > I have also generated the certificate for both 8.2.1 and 8.5.1 by the same > method. > > Is there any changes between these 2 versions that would have affected > this? (Eg: there are changes in the way we generate the certificate) > > Regards, > Edwin > > On Wed, 27 May 2020 at 04:23, Mike Drob <md...@apache.org> wrote: > >> Did you have SSL enabled with 8.2.1? >> >> The error looks common to certificate handling and not specific to Solr. >> >> I would verify that you have no extra characters in your certificate file >> (including line endings) and that the keystore type that you specified >> matches the file you are presenting (JKS or PKCS12) >> >> Mike >> >> On Sat, May 23, 2020 at 10:11 PM Zheng Lin Edwin Yeo <edwinye...@gmail.com >>> >> wrote: >> >>> Hi, >>> >>> I'm trying to upgrade from Solr 8.2.1 to Solr 8.5.1, with Solr SSL >>> Authentication and Authorization. >>> >>> However, I get the following error when I enable SSL. The Solr itself can >>> start up if there is no SSL. The main error that I see is this >>> >>> java.io.IOException: DerInputStream.getLength(): lengthTag=109, too >> big. >>> >>> What could be the reason that causes this? >>> >>> >>> INFO - 2020-05-24 10:38:20.080; >>> org.apache.solr.util.configuration.SSLConfigurations; Setting >>> javax.net.ssl.keyStorePassword >>> INFO - 2020-05-24 10:38:20.081; >>> org.apache.solr.util.configuration.SSLConfigurations; Setting >>> javax.net.ssl.trustStorePassword >>> Waiting up to 120 to see Solr running on port 8983 >>> java.lang.reflect.InvocationTargetException >>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) >>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown >> Source) >>> at java.lang.reflect.Method.invoke(Unknown Source) >>> at org.eclipse.jetty.start.Main.invokeMain(Main.java:218) >>> at org.eclipse.jetty.start.Main.start(Main.java:491) >>> at org.eclipse.jetty.start.Main.main(Main.java:77)d >>> Caused by: java.security.PrivilegedActionException: java.io.IOException: >>> DerInputStream.getLength(): lengthTag=109, too big. >>> at java.security.AccessController.doPrivileged(Native Method) >>> at >>> org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1837) >>> ... 7 more >>> Caused by: java.io.IOException: DerInputStream.getLength(): >> lengthTag=109, >>> too big. >>> at sun.security.util.DerInputStream.getLength(Unknown Source) >>> at sun.security.util.DerValue.init(Unknown Source) >>> at sun.security.util.DerValue.<init>(Unknown Source) >>> at sun.security.util.DerValue.<init>(Unknown Source) >>> at sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source) >>> at java.security.KeyStore.load(Unknown Source) >>> at >>> >>> >> org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:54) >>> at >>> >>> >> org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:1188) >>> at >>> >>> >> org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:323) >>> at >>> >>> >> org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) >>> at >>> >>> >> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >>> at >>> >>> >> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) >>> at >>> >>> >> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) >>> at >>> >>> >> org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:92) >>> at >>> >>> >> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >>> at >>> >>> >> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) >>> at >>> >>> >> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) >>> at >>> >>> >> org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:320) >>> at >>> >>> >> org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) >>> at >>> >> org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:231) >>> at >>> >>> >> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >>> at org.eclipse.jetty.server.Server.doStart(Server.java:385) >>> at >>> >>> >> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >>> at >>> >>> >> org.eclipse.jetty.xml.XmlConfiguration.lambda$main$0(XmlConfiguration.java:1888) >>> ... 9 more >>> java.lang.reflect.InvocationTargetException >>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) >>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown >> Source) >>> at java.lang.reflect.Method.invoke(Unknown Source) >>> at org.eclipse.jetty.start.Main.invokeMain(Main.java:218) >>> at org.eclipse.jetty.start.Main.start(Main.java:491) >>> at org.eclipse.jetty.start.Main.main(Main.java:77) >>> Caused by: java.security.PrivilegedActionException: java.io.IOException: >>> DerInputStream.getLength(): lengthTag=109, too big. >>> at java.security.AccessController.doPrivileged(Native Method) >>> at >>> org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1837) >>> ... 7 more >>> Caused by: java.io.IOException: DerInputStream.getLength(): >> lengthTag=109, >>> too big. >>> at sun.security.util.DerInputStream.getLength(Unknown Source) >>> at sun.security.util.DerValue.init(Unknown Source) >>> at sun.security.util.DerValue.<init>(Unknown Source) >>> at sun.security.util.DerValue.<init>(Unknown Source) >>> at sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source) >>> at java.security.KeyStore.load(Unknown Source) >>> at >>> >>> >> org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:54) >>> at >>> >>> >> org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:1188) >>> at >>> >>> >> org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:323) >>> at >>> >>> >> org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) >>> at >>> >>> >> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >>> at >>> >>> >> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) >>> at >>> >>> >> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) >>> at >>> >>> >> org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:92) >>> at >>> >>> >> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >>> at >>> >>> >> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) >>> at >>> >>> >> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) >>> at >>> >>> >> org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:320) >>> at >>> >>> >> org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) >>> at >>> >> org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:231) >>> at >>> >>> >> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >>> at org.eclipse.jetty.server.Server.doStart(Server.java:385) >>> at >>> >>> >> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >>> at >>> >>> >> org.eclipse.jetty.xml.XmlConfiguration.lambda$main$0(XmlConfiguration.java:1888) >>> ... 9 more >>> >>> Usage: java -jar $JETTY_HOME/start.jar [options] [properties] [configs] >>> java -jar $JETTY_HOME/start.jar --help # for more information >>> >>> Regards, >>> Edwin >>> >>
