You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@manifoldcf.apache.org by c....@gmx.de on 2011/02/16 08:08:55 UTC
HTTPS for communication between MCF and Solr
I'm running MCF (version release 0.1) and Solr on a Tomcat server with HTTPS configured (and a self-signed certificate generated by Java keytool).
When trying to crawl data I always get:
---------------------
WARN Error communicating with update request handler: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
---------------------
Is there a way to configure MCF to use a truststore to accept the "insecure" certificate when sending documents to Solr? I've configured a truststore for the server itself but MCF does not seem to use it.
Or are there other possibilities?
thanks in advance
Carina
--
NEU: FreePhone - kostenlos mobil telefonieren und surfen!
Jetzt informieren: http://www.gmx.net/de/go/freephone
Re: HTTPS for communication between MCF and Solr
Posted by Erlend Garåsen <e....@usit.uio.no>.
Thanks for the reply. I found it ("SSL trust certificate list: ...").
Erlend
On 07.03.11 14.03, Karl Wright wrote:
> The certificate gets uploaded on the Server tab. If you don't see an
> upload box on that tab, you probably have an older version of the Solr
> connector.
>
> Thanks,
> Karl
>
> On Mon, Mar 7, 2011 at 7:36 AM, Erlend Garåsen<e....@usit.uio.no> wrote:
>>
>> I have read the Jira ticket with all the comments, but I'm not quite sure
>> how this new functionality works.
>>
>> Where is the certificate supposed to be added? For the web connector, it
>> seems to be possible to upload certificates within the application, But
>> where can I find the same function for the Solr connector?
>>
>> Or should I just add the certificate into my local truststore by using
>> keytool?
>>
>> Erlend
>>
>>
>> On 16.02.11 08.37, Karl Wright wrote:
>>>
>>> The Solr connector does not currently support https. But adding this
>>> functionality is not very hard. If this is functionality you are
>>> looking for, could you create a ticket in Jira?
>>> https://issues.apache.org
>>>
>>> ManifoldCF is unusual in that each connection that supports SSL has
>>> its own trust store. There's support in the ManifoldCF core classes
>>> for such trust stores, which makes it pretty straightforward. The
>>> trickiest part of the whole thing is adding support for your trust
>>> certs to the connector's UI, and for that there are lots of examples
>>> to work with. I'd especially look at the Web Connector, which has a
>>> "trust everything" checkbox you can check, as well as trusting
>>> whatever certs you drop into each connection's trust store.
>>>
>>> When you've decided exactly what it is you need, enter that in the
>>> ticket as well. I don't know if you are in a position to contribute
>>> any work towards ManifoldCF, but if you are, I can help you develop a
>>> patch that I'd be happy to commit. Otherwise, I cannot guarantee
>>> precisely when I'd get to it.
>>>
>>> Thanks,
>>> Karl
>>>
>>> On Wed, Feb 16, 2011 at 2:08 AM,<c....@gmx.de> wrote:
>>>>
>>>> I'm running MCF (version release 0.1) and Solr on a Tomcat server with
>>>> HTTPS configured (and a self-signed certificate generated by Java keytool).
>>>>
>>>> When trying to crawl data I always get:
>>>> ---------------------
>>>> WARN Error communicating with update request handler:
>>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>>> valid certification path to requested target
>>>> javax.net.ssl.SSLHandshakeException:
>>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>>> valid certification path to requested target
>>>> ---------------------
>>>>
>>>> Is there a way to configure MCF to use a truststore to accept the
>>>> "insecure" certificate when sending documents to Solr? I've configured a
>>>> truststore for the server itself but MCF does not seem to use it.
>>>> Or are there other possibilities?
>>>>
>>>> thanks in advance
>>>> Carina
>>>> --
>>>> NEU: FreePhone - kostenlos mobil telefonieren und surfen!
>>>> Jetzt informieren: http://www.gmx.net/de/go/freephone
>>>>
>>
>>
>> --
>> Erlend Garåsen
>> Center for Information Technology Services
>> University of Oslo
>> P.O. Box 1086 Blindern, N-0317 OSLO, Norway
>> Ph: (+47) 22840193, Fax: (+47) 22852970, Mobile: (+47) 91380968, VIP: 31050
>>
--
Erlend Garåsen
Center for Information Technology Services
University of Oslo
P.O. Box 1086 Blindern, N-0317 OSLO, Norway
Ph: (+47) 22840193, Fax: (+47) 22852970, Mobile: (+47) 91380968, VIP: 31050
Re: HTTPS for communication between MCF and Solr
Posted by Karl Wright <da...@gmail.com>.
The certificate gets uploaded on the Server tab. If you don't see an
upload box on that tab, you probably have an older version of the Solr
connector.
Thanks,
Karl
On Mon, Mar 7, 2011 at 7:36 AM, Erlend Garåsen <e....@usit.uio.no> wrote:
>
> I have read the Jira ticket with all the comments, but I'm not quite sure
> how this new functionality works.
>
> Where is the certificate supposed to be added? For the web connector, it
> seems to be possible to upload certificates within the application, But
> where can I find the same function for the Solr connector?
>
> Or should I just add the certificate into my local truststore by using
> keytool?
>
> Erlend
>
>
> On 16.02.11 08.37, Karl Wright wrote:
>>
>> The Solr connector does not currently support https. But adding this
>> functionality is not very hard. If this is functionality you are
>> looking for, could you create a ticket in Jira?
>> https://issues.apache.org
>>
>> ManifoldCF is unusual in that each connection that supports SSL has
>> its own trust store. There's support in the ManifoldCF core classes
>> for such trust stores, which makes it pretty straightforward. The
>> trickiest part of the whole thing is adding support for your trust
>> certs to the connector's UI, and for that there are lots of examples
>> to work with. I'd especially look at the Web Connector, which has a
>> "trust everything" checkbox you can check, as well as trusting
>> whatever certs you drop into each connection's trust store.
>>
>> When you've decided exactly what it is you need, enter that in the
>> ticket as well. I don't know if you are in a position to contribute
>> any work towards ManifoldCF, but if you are, I can help you develop a
>> patch that I'd be happy to commit. Otherwise, I cannot guarantee
>> precisely when I'd get to it.
>>
>> Thanks,
>> Karl
>>
>> On Wed, Feb 16, 2011 at 2:08 AM,<c....@gmx.de> wrote:
>>>
>>> I'm running MCF (version release 0.1) and Solr on a Tomcat server with
>>> HTTPS configured (and a self-signed certificate generated by Java keytool).
>>>
>>> When trying to crawl data I always get:
>>> ---------------------
>>> WARN Error communicating with update request handler:
>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>> valid certification path to requested target
>>> javax.net.ssl.SSLHandshakeException:
>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>> valid certification path to requested target
>>> ---------------------
>>>
>>> Is there a way to configure MCF to use a truststore to accept the
>>> "insecure" certificate when sending documents to Solr? I've configured a
>>> truststore for the server itself but MCF does not seem to use it.
>>> Or are there other possibilities?
>>>
>>> thanks in advance
>>> Carina
>>> --
>>> NEU: FreePhone - kostenlos mobil telefonieren und surfen!
>>> Jetzt informieren: http://www.gmx.net/de/go/freephone
>>>
>
>
> --
> Erlend Garåsen
> Center for Information Technology Services
> University of Oslo
> P.O. Box 1086 Blindern, N-0317 OSLO, Norway
> Ph: (+47) 22840193, Fax: (+47) 22852970, Mobile: (+47) 91380968, VIP: 31050
>
Re: HTTPS for communication between MCF and Solr
Posted by Erlend Garåsen <e....@usit.uio.no>.
I have read the Jira ticket with all the comments, but I'm not quite
sure how this new functionality works.
Where is the certificate supposed to be added? For the web connector, it
seems to be possible to upload certificates within the application, But
where can I find the same function for the Solr connector?
Or should I just add the certificate into my local truststore by using
keytool?
Erlend
On 16.02.11 08.37, Karl Wright wrote:
> The Solr connector does not currently support https. But adding this
> functionality is not very hard. If this is functionality you are
> looking for, could you create a ticket in Jira?
> https://issues.apache.org
>
> ManifoldCF is unusual in that each connection that supports SSL has
> its own trust store. There's support in the ManifoldCF core classes
> for such trust stores, which makes it pretty straightforward. The
> trickiest part of the whole thing is adding support for your trust
> certs to the connector's UI, and for that there are lots of examples
> to work with. I'd especially look at the Web Connector, which has a
> "trust everything" checkbox you can check, as well as trusting
> whatever certs you drop into each connection's trust store.
>
> When you've decided exactly what it is you need, enter that in the
> ticket as well. I don't know if you are in a position to contribute
> any work towards ManifoldCF, but if you are, I can help you develop a
> patch that I'd be happy to commit. Otherwise, I cannot guarantee
> precisely when I'd get to it.
>
> Thanks,
> Karl
>
> On Wed, Feb 16, 2011 at 2:08 AM,<c....@gmx.de> wrote:
>> I'm running MCF (version release 0.1) and Solr on a Tomcat server with HTTPS configured (and a self-signed certificate generated by Java keytool).
>>
>> When trying to crawl data I always get:
>> ---------------------
>> WARN Error communicating with update request handler: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>> ---------------------
>>
>> Is there a way to configure MCF to use a truststore to accept the "insecure" certificate when sending documents to Solr? I've configured a truststore for the server itself but MCF does not seem to use it.
>> Or are there other possibilities?
>>
>> thanks in advance
>> Carina
>> --
>> NEU: FreePhone - kostenlos mobil telefonieren und surfen!
>> Jetzt informieren: http://www.gmx.net/de/go/freephone
>>
--
Erlend Garåsen
Center for Information Technology Services
University of Oslo
P.O. Box 1086 Blindern, N-0317 OSLO, Norway
Ph: (+47) 22840193, Fax: (+47) 22852970, Mobile: (+47) 91380968, VIP: 31050
Re: HTTPS for communication between MCF and Solr
Posted by Karl Wright <da...@gmail.com>.
The Solr connector does not currently support https. But adding this
functionality is not very hard. If this is functionality you are
looking for, could you create a ticket in Jira?
https://issues.apache.org
ManifoldCF is unusual in that each connection that supports SSL has
its own trust store. There's support in the ManifoldCF core classes
for such trust stores, which makes it pretty straightforward. The
trickiest part of the whole thing is adding support for your trust
certs to the connector's UI, and for that there are lots of examples
to work with. I'd especially look at the Web Connector, which has a
"trust everything" checkbox you can check, as well as trusting
whatever certs you drop into each connection's trust store.
When you've decided exactly what it is you need, enter that in the
ticket as well. I don't know if you are in a position to contribute
any work towards ManifoldCF, but if you are, I can help you develop a
patch that I'd be happy to commit. Otherwise, I cannot guarantee
precisely when I'd get to it.
Thanks,
Karl
On Wed, Feb 16, 2011 at 2:08 AM, <c....@gmx.de> wrote:
> I'm running MCF (version release 0.1) and Solr on a Tomcat server with HTTPS configured (and a self-signed certificate generated by Java keytool).
>
> When trying to crawl data I always get:
> ---------------------
> WARN Error communicating with update request handler: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> ---------------------
>
> Is there a way to configure MCF to use a truststore to accept the "insecure" certificate when sending documents to Solr? I've configured a truststore for the server itself but MCF does not seem to use it.
> Or are there other possibilities?
>
> thanks in advance
> Carina
> --
> NEU: FreePhone - kostenlos mobil telefonieren und surfen!
> Jetzt informieren: http://www.gmx.net/de/go/freephone
>