Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-14377

Solr with private SSL certificate not working

    XMLWordPrintableJSON

    Details

    • Type: Test
    • Status: Resolved
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: 8.4.1
    • Fix Version/s: None
    • Component/s: SolrCLI
    • Labels:
    • Environment:

      Centos 7

      Solr-8.4.1

      java -version
      openjdk version "1.8.0_121"
      OpenJDK Runtime Environment (build 1.8.0_121-b13)
      OpenJDK 64-Bit Server VM (build 25.121-b13, mixed mode)

      Description

      I installed solr-8.4.1 on centos 7, and tried to add SSL certificate to bin/solr.in.sh file.
      ===
      #Enables HTTPS. It is implictly true if you set SOLR_SSL_KEY_STORE. Use this config

      1. to enable https module with custom jetty configuration.
        SOLR_SSL_ENABLED=true
      2. Uncomment to set SSL-related system properties
      3. Be sure to update the paths to the correct keystore for your environment
        *SOLR_SSL_KEY_STORE=/opt/solr/server/solr-ssl.keystore.jks
        SOLR_SSL_KEY_STORE_PASSWORD=mypassword
        SOLR_SSL_TRUST_STORE=/opt/solr/server/solr-ssl.keystore.jks
        SOLR_SSL_TRUST_STORE_PASSWORD=mypassword*
      4. Require clients to authenticate
        SOLR_SSL_NEED_CLIENT_AUTH=false
      5. Enable clients to authenticate (but not require)
        SOLR_SSL_WANT_CLIENT_AUTH=false
      6. Verify client's hostname during SSL handshake
        SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=false
        ===

      Then I restart the server : service solr restart

      Still all the browser says :

      This site can't provide a secure connection localhsot sent an invalid response.
      Try running Windows Network Diagnostics.
      ERR_SSL_PROTOCOL_ERROR

      I checked the logs in /var/solr/logs/solr.log

      2020-04-02 12:58:33.669 INFO (main) [ ] o.e.j.u.log Logging initialized @1856ms to org.eclipse.jetty.util.log.Slf4jLog
      2020-04-02 12:58:33.870 WARN (main) [ ] o.e.j.s.AbstractConnector Ignoring deprecated socket close linger time
      2020-04-02 12:58:33.870 WARN (main) [ ] o.e.j.x.XmlConfiguration Deprecated method public void org.eclipse.jetty.server.ServerConnector.setSoLingerTime(int) in file:///opt/solr-8.4.1/server/etc/jetty-http.xml
      2020-04-02 12:58:33.877 INFO (main) [ ] o.e.j.s.Server jetty-9.4.19.v20190610; built: 2019-06-10T16:30:51.723Z; git: afcf563148970e98786327af5e07c261fda175d3; jvm 1.8.0_121-b13
      2020-04-02 12:58:33.907 INFO (main) [ ] o.e.j.d.p.ScanningAppProvider Deployment monitor file:///opt/solr-8.4.1/server/contexts/ at interval 0
      2020-04-02 12:58:34.238 INFO (main) [ ] o.e.j.w.StandardDescriptorProcessor NO JSP Support for /solr, did not find org.apache.jasper.servlet.JspServlet
      2020-04-02 12:58:34.251 INFO (main) [ ] o.e.j.s.session DefaultSessionIdManager workerName=node0
      2020-04-02 12:58:34.251 INFO (main) [ ] o.e.j.s.session No SessionScavenger set, using defaults
      2020-04-02 12:58:34.254 INFO (main) [ ] o.e.j.s.session node0 Scavenging every 660000ms
      2020-04-02 12:58:34.362 INFO (main) [ ] o.a.s.s.SolrDispatchFilter Using logger factory org.apache.logging.slf4j.Log4jLoggerFactory
      2020-04-02 12:58:34.368 INFO (main) [ ] o.a.s.s.SolrDispatchFilter ___ _ Welcome to Apache Solr™ version 8.4.1
      2020-04-02 12:58:34.368 INFO (main) [ ] o.a.s.s.SolrDispatchFilter / _| ___| | _ Starting in standalone mode on port 8983
      2020-04-02 12:58:34.368 INFO (main) [ ] o.a.s.s.SolrDispatchFilter __ \/ _ \ | '_| Install dir: /opt/solr
      2020-04-02 12:58:34.369 INFO (main) [ ] o.a.s.s.SolrDispatchFilter |__/_/|_| Start time: 2020-04-02T12:58:34.368Z
      2020-04-02 12:58:34.397 INFO (main) [ ] o.a.s.c.SolrResourceLoader Using system property solr.solr.home: /var/solr/data
      2020-04-02 12:58:34.406 INFO (main) [ ] o.a.s.c.SolrXmlConfig Loading container configuration from /var/solr/data/solr.xml
      2020-04-02 12:58:34.499 INFO (main) [ ] o.a.s.c.SolrXmlConfig MBean server found: com.sun.jmx.mbeanserver.JmxMBeanServer@143640d5, but no JMX reporters were configured - adding default JMX reporter.
      2020-04-02 12:58:35.177 INFO (main) [ ] o.a.s.h.c.HttpShardHandlerFactory Host whitelist initialized: WhitelistHostChecker [whitelistHosts=null, whitelistHostCheckingEnabled=true]
      2020-04-02 12:58:35.331 WARN (main) [ ] o.e.j.u.s.S.config Trusting all certificates configured for Client@57eda880[provider=null,keyStore=null,trustStore=null]
      2020-04-02 12:58:35.331 WARN (main) [ ] o.e.j.u.s.S.config No Client EndPointIdentificationAlgorithm configured for Client@57eda880[provider=null,keyStore=null,trustStore=null]
      2020-04-02 12:58:35.548 WARN (main) [ ] o.e.j.u.s.S.config Trusting all certificates configured for Client@423e4cbb[provider=null,keyStore=null,trustStore=null]
      2020-04-02 12:58:35.548 WARN (main) [ ] o.e.j.u.s.S.config No Client EndPointIdentificationAlgorithm configured for Client@423e4cbb[provider=null,keyStore=null,trustStore=null]
      2020-04-02 12:58:35.573 WARN (main) [ ] o.a.s.c.CoreContainer Not all security plugins configured! authentication=disabled authorization=disabled. Solr is only as secure as you make it. Consider configuring authentication/authorization before exposing Solr to users internal or external. See https://s.apache.org/solrsecurity for more info
      2020-04-02 12:58:35.765 INFO (main) [ ] o.a.s.c.TransientSolrCoreCacheDefault Allocating transient cache for 2147483647 transient cores
      2020-04-02 12:58:35.768 INFO (main) [ ] o.a.s.h.a.MetricsHistoryHandler No .system collection, keeping metrics history in memory.
      2020-04-02 12:58:35.864 INFO (main) [ ] o.a.s.m.r.SolrJmxReporter JMX monitoring for 'solr.node' (registry 'solr.node') enabled at server: com.sun.jmx.mbeanserver.JmxMBeanServer@143640d5
      2020-04-02 12:58:35.864 INFO (main) [ ] o.a.s.m.r.SolrJmxReporter JMX monitoring for 'solr.jvm' (registry 'solr.jvm') enabled at server: com.sun.jmx.mbeanserver.JmxMBeanServer@143640d5
      2020-04-02 12:58:35.871 INFO (main) [ ] o.a.s.m.r.SolrJmxReporter JMX monitoring for 'solr.jetty' (registry 'solr.jetty') enabled at server: com.sun.jmx.mbeanserver.JmxMBeanServer@143640d5
      2020-04-02 12:58:35.915 INFO (main) [ ] o.a.s.c.CorePropertiesLocator Found 2 core definitions underneath /var/solr/data

      where Am I doing wrong?
       

        Attachments

        1. image-2020-04-02-18-52-59-662.png
          53 kB
          Ravi Prakash
        2. image-2020-04-02-18-54-16-255.png
          42 kB
          Ravi Prakash

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              raviprakash007 Ravi Prakash
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: