lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sarita Nair <sarita...@yahoo.com>
Subject Re: Solr 4.2.1 SSLInitializationException
Date Wed, 10 Apr 2013 13:35:01 GMT
Hi Uwe,

Thanks for your response.  As I mentioned in my email, I would prefer the application to
not have access to the keystore.
Do you know if there is a way of specifying  a different HttpClient implementation (e.g.
DefaultHttpClient rather than
SystemDefaultHttpClient) ?






________________________________
 From: Uwe Klosa <uwe.klosa@gmail.com>
To: solr-user@lucene.apache.org; Sarita Nair <sarita_jn@yahoo.com> 
Sent: Wednesday, April 10, 2013 2:58 AM
Subject: Re: Solr 4.2.1 SSLInitializationException
 
You have to add two new Java options to your Glassfish config (example if
you use the standard keystore and truststore):

asadmin create-jvm-options -- -Djavax.net.ssl.keyStorePassword=changeit
asadmin create-jvm-options -- -Djavax.net.ssl.trustStorePassword=changeit

/Uwe


On 10 April 2013 03:59, Sarita Nair <sarita_jn@yahoo.com> wrote:

> Hi Chris,
>
> Thanks for your response.
>
> My understanding is that GlassFish specifies the keystore as a system
> property,
> but does not specify the password  in order to protect it from
> snooping. There's
> a keychain that requires a password to be passed from the DAS in order to
> unlock the key for the keystore.
>
> Is there some way to specify a
> different HttpClient implementation (e.g. DefaultHttpClient rather than
> SystemDefaultHttpClient), as we don't want the application to have
> access to the keystore?
>
>
> I have also pasted the entire stack trace below:
>
> 2013-04-09 10:45:06,144 [main] ERROR
> org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check
> solr/home property and the logs
>     2013-04-09 10:45:06,224 [main] ERROR org.apache.solr.core.SolrCore -
> null:org.apache.http.conn.ssl.SSLInitializationException: Failure
> initializing default system SSL context
>     at
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:368)
>     at
> org.apache.http.conn.ssl.SSLSocketFactory.getSystemSocketFactory(SSLSocketFactory.java:204)
>     at
> org.apache.http.impl.conn.SchemeRegistryFactory.createSystemDefault(SchemeRegistryFactory.java:82)
>     at
> org.apache.http.impl.client.SystemDefaultHttpClient.createClientConnectionManager(SystemDefaultHttpClient.java:118)
>     at
> org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:466)
>     at
> org.apache.solr.client.solrj.impl.HttpClientUtil.setMaxConnections(HttpClientUtil.java:179)
>     at
> org.apache.solr.client.solrj.impl.HttpClientConfigurer.configure(HttpClientConfigurer.java:33)
>     at
> org.apache.solr.client.solrj.impl.HttpClientUtil.configureClient(HttpClientUtil.java:115)
>     at
> org.apache.solr.client.solrj.impl.HttpClientUtil.createClient(HttpClientUtil.java:105)
>     at
> org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:134)
>     at
> com.sun.enterprise.glassfish.bootstrap.GlassFishImpl.start(GlassFishImpl.java:79)
>     at
> com.sun.enterprise.glassfish.bootstrap.GlassFishDecorator.start(GlassFishDecorator.java:63)
>     at
> com.sun.enterprise.glassfish.bootstrap.osgi.OSGiGlassFishImpl.start(OSGiGlassFishImpl.java:69)
>     at
> com.sun.enterprise.glassfish.bootstrap.GlassFishMain$Launcher.launch(GlassFishMain.java:117)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>     at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:601)
>     at
> com.sun.enterprise.glassfish.bootstrap.GlassFishMain.main(GlassFishMain.java:97)
>     at com.sun.enterprise.glassfish.bootstrap.ASMain.main(ASMain.java:55)
> Caused by: java.io.IOException: Keystore was tampered with, or password
> was incorrect
>   at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
>     at
> sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
>     at java.security.KeyStore.load(KeyStore.java:1214)
>     at
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
>     at
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
>     ... 50 more
> Caused by: java.security.UnrecoverableKeyException: Password verification
> failed
>     at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
>     ... 54 more
>
>
>
>
>
>
>
>
>
>
>
>
>
> ________________________________
>  From: Chris Hostetter <hossman_lucene@fucit.org>
> To: "solr-user@lucene.apache.org" <solr-user@lucene.apache.org>; Sarita
> Nair <sarita_jn@yahoo.com>
> Sent: Tuesday, April 9, 2013 1:31 PM
> Subject: Re: Solr 4.2.1 SSLInitializationException
>
>
> : Deploying Solr 4.2.1 to GlassFish 3.1.1 results in the error below.  I
> : have seen similar problems being reported with Solr 4.2
>
> Are you trying to use server SSL with glassfish?
>
> can you please post the full stack trace so we can see where this error is
> coming from.
>
> My best guess is that this is coming from the changes made in
> SOLR-4451 to use system defaults correctly when initializing HttpClient,
> which suggets that your problem is exactly what the error message says...
>
>   "Keystore was tampered with, or password was incorrect"
>
> Is it possible that the default keystore password for your JVM (or as
> overridden by glassfish defaults - possibly using the
> "javax.net.ssl.keyStore" sysprop) has a password set on it?  If so you
> need to confiure your JVM with the standard java system properties to
> specify what that password is.
>
>
> http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201303.mbox/%3C1364232676233-4051159.post@n3.nabble.com%3E
>
> :     2013-04-09 10:45:06,144 [main] ERROR
> : org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check
> solr/home property and the logs
> :     2013-04-09 10:45:06,224 [main] ERROR
> : org.apache.solr.core.SolrCore -
> : null:org.apache.http.conn.ssl.SSLInitializationException: Failure
> : initializing default system SSL context
> :     Caused by: java.io.IOException: Keystore was tampered with, or
> password was incorrect
> :   at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
> :     at
> sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
> :     at java.security.KeyStore.load(KeyStore.java:1214)
> :     at
> :
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
> :     at
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
> :     ... 50 more
> : Caused by: java.security.UnrecoverableKeyException: Password
> verification failed
> :     at
> sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
>
> -Hoss
>
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message