You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-user@lucene.apache.org by Sarita Nair <sa...@yahoo.com> on 2013/04/09 19:11:31 UTC
Solr 4.2.1 SSLInitializationException
Hi All,
Deploying Solr 4.2.1 to GlassFish 3.1.1 results in the error below. I have seen similar problems being reported with Solr 4.2
and my take-away was that 4.2.1 contains the necessary fix.
Any help with this will be appreciated.
Thanks!
2013-04-09 10:45:06,144 [main] ERROR
org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check solr/home property and the logs
2013-04-09 10:45:06,224 [main] ERROR
org.apache.solr.core.SolrCore -
null:org.apache.http.conn.ssl.SSLInitializationException: Failure
initializing default system SSL context
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1214)
at
org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
... 50 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
Re: Solr 4.2.1 SSLInitializationException
Posted by Sarita Nair <sa...@yahoo.com>.
:I'm confused ... it seems that you (or GlassFish) has created a
:Catch-22...
Glassfish specifies keystore as a system property, but does not require specifying the password for the keystore as a system property.
GF uses a keychain mechanism, which requires the password to be passed from the DAS to access the keystore.
:In SolrJ client code you can specify whatever HttpClient implementation
:you want. In Solr (for it's use of talking to other nodes in distributed
:search, which is what is indicated in your stack trace)
:SystemDefaultHttpClient is hard coded.
Thanks for the clarification. I am using DefaultHttpClient on the client side, but was hoping that there is a way around SystemDefaultHttpClient, in Solr. Looks like there is isn't any.
Thanks for your help!
________________________________
From: Chris Hostetter <ho...@fucit.org>
To: "solr-user@lucene.apache.org" <so...@lucene.apache.org>; Sarita Nair <sa...@yahoo.com>
Sent: Friday, April 12, 2013 3:07 PM
Subject: Re: Solr 4.2.1 SSLInitializationException
: Thanks for your response. As I mentioned in my email, I would prefer
: the application to not have access to the keystore. Do you know if there
I'm confused ... it seems that you (or GlassFish) has created a
Catch-22...
You say you don't want the application to have access to the keystore, but
aparently you (or glassfish) is explicitly setting javax.net.ssl.keyStore
to tell the application what keystore to use. The keystore you specify
has a password set on it, but you are not telling the application what the
password is, so it can't use that keystore.
If you don't wnat to application to have access to the keystore at all,
have you tried unsetting "javax.net.ssl.keyStore" ?
: is a way of specifying a different HttpClient implementation (e.g.
: DefaultHttpClient rather than SystemDefaultHttpClient) ?
In SolrJ client code you can specify whatever HttpClient implementation
you want. In Solr (for it's use of talking to other nodes in distributed
search, which is what is indicated in your stack trace)
SystemDefaultHttpClient is hard coded.
-Hoss
Re: Solr 4.2.1 SSLInitializationException
Posted by Chris Hostetter <ho...@fucit.org>.
: Thanks for your response. As I mentioned in my email, I would prefer
: the application to not have access to the keystore. Do you know if there
I'm confused ... it seems that you (or GlassFish) has created a
Catch-22...
You say you don't want the application to have access to the keystore, but
aparently you (or glassfish) is explicitly setting javax.net.ssl.keyStore
to tell the application what keystore to use. The keystore you specify
has a password set on it, but you are not telling the application what the
password is, so it can't use that keystore.
If you don't wnat to application to have access to the keystore at all,
have you tried unsetting "javax.net.ssl.keyStore" ?
: is a way of specifying a different HttpClient implementation (e.g.
: DefaultHttpClient rather than SystemDefaultHttpClient) ?
In SolrJ client code you can specify whatever HttpClient implementation
you want. In Solr (for it's use of talking to other nodes in distributed
search, which is what is indicated in your stack trace)
SystemDefaultHttpClient is hard coded.
-Hoss
Re: Solr 4.2.1 SSLInitializationException
Posted by Uwe Klosa <uw...@gmail.com>.
Have you tried to create a HttpSolrServer with this constructor: *
HttpSolrServer<http://lucene.apache.org/solr/4_2_0/solr-solrj/org/apache/solr/client/solrj/impl/HttpSolrServer.html#HttpSolrServer(java.lang.String,
org.apache.http.client.HttpClient)>*(String<http://download.oracle.com/javase/6/docs/api/java/lang/String.html?is-external=true>
baseURL,
org.apache.http.client.HttpClient client) ?
/Uwe
On 10 April 2013 15:35, Sarita Nair <sa...@yahoo.com> wrote:
> Hi Uwe,
>
> Thanks for your response. As I mentioned in my email, I would prefer the
> application to not have access to the keystore.
> Do you know if there is a way of specifying a different HttpClient
> implementation (e.g. DefaultHttpClient rather than
> SystemDefaultHttpClient) ?
>
>
>
>
>
>
> ________________________________
> From: Uwe Klosa <uw...@gmail.com>
> To: solr-user@lucene.apache.org; Sarita Nair <sa...@yahoo.com>
> Sent: Wednesday, April 10, 2013 2:58 AM
> Subject: Re: Solr 4.2.1 SSLInitializationException
>
> You have to add two new Java options to your Glassfish config (example if
> you use the standard keystore and truststore):
>
> asadmin create-jvm-options -- -Djavax.net.ssl.keyStorePassword=changeit
> asadmin create-jvm-options -- -Djavax.net.ssl.trustStorePassword=changeit
>
> /Uwe
>
>
> On 10 April 2013 03:59, Sarita Nair <sa...@yahoo.com> wrote:
>
> > Hi Chris,
> >
> > Thanks for your response.
> >
> > My understanding is that GlassFish specifies the keystore as a system
> > property,
> > but does not specify the password in order to protect it from
> > snooping. There's
> > a keychain that requires a password to be passed from the DAS in order to
> > unlock the key for the keystore.
> >
> > Is there some way to specify a
> > different HttpClient implementation (e.g. DefaultHttpClient rather than
> > SystemDefaultHttpClient), as we don't want the application to have
> > access to the keystore?
> >
> >
> > I have also pasted the entire stack trace below:
> >
> > 2013-04-09 10:45:06,144 [main] ERROR
> > org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check
> > solr/home property and the logs
> > 2013-04-09 10:45:06,224 [main] ERROR org.apache.solr.core.SolrCore -
> > null:org.apache.http.conn.ssl.SSLInitializationException: Failure
> > initializing default system SSL context
> > at
> >
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:368)
> > at
> >
> org.apache.http.conn.ssl.SSLSocketFactory.getSystemSocketFactory(SSLSocketFactory.java:204)
> > at
> >
> org.apache.http.impl.conn.SchemeRegistryFactory.createSystemDefault(SchemeRegistryFactory.java:82)
> > at
> >
> org.apache.http.impl.client.SystemDefaultHttpClient.createClientConnectionManager(SystemDefaultHttpClient.java:118)
> > at
> >
> org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:466)
> > at
> >
> org.apache.solr.client.solrj.impl.HttpClientUtil.setMaxConnections(HttpClientUtil.java:179)
> > at
> >
> org.apache.solr.client.solrj.impl.HttpClientConfigurer.configure(HttpClientConfigurer.java:33)
> > at
> >
> org.apache.solr.client.solrj.impl.HttpClientUtil.configureClient(HttpClientUtil.java:115)
> > at
> >
> org.apache.solr.client.solrj.impl.HttpClientUtil.createClient(HttpClientUtil.java:105)
> > at
> >
> org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:134)
> > at
> >
> com.sun.enterprise.glassfish.bootstrap.GlassFishImpl.start(GlassFishImpl.java:79)
> > at
> >
> com.sun.enterprise.glassfish.bootstrap.GlassFishDecorator.start(GlassFishDecorator.java:63)
> > at
> >
> com.sun.enterprise.glassfish.bootstrap.osgi.OSGiGlassFishImpl.start(OSGiGlassFishImpl.java:69)
> > at
> >
> com.sun.enterprise.glassfish.bootstrap.GlassFishMain$Launcher.launch(GlassFishMain.java:117)
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > at
> >
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> > at
> >
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > at java.lang.reflect.Method.invoke(Method.java:601)
> > at
> >
> com.sun.enterprise.glassfish.bootstrap.GlassFishMain.main(GlassFishMain.java:97)
> > at com.sun.enterprise.glassfish.bootstrap.ASMain.main(ASMain.java:55)
> > Caused by: java.io.IOException: Keystore was tampered with, or password
> > was incorrect
> > at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
> > at
> > sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
> > at java.security.KeyStore.load(KeyStore.java:1214)
> > at
> >
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
> > at
> >
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
> > ... 50 more
> > Caused by: java.security.UnrecoverableKeyException: Password verification
> > failed
> > at
> sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
> > ... 54 more
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > ________________________________
> > From: Chris Hostetter <ho...@fucit.org>
> > To: "solr-user@lucene.apache.org" <so...@lucene.apache.org>; Sarita
> > Nair <sa...@yahoo.com>
> > Sent: Tuesday, April 9, 2013 1:31 PM
> > Subject: Re: Solr 4.2.1 SSLInitializationException
> >
> >
> > : Deploying Solr 4.2.1 to GlassFish 3.1.1 results in the error below. I
> > : have seen similar problems being reported with Solr 4.2
> >
> > Are you trying to use server SSL with glassfish?
> >
> > can you please post the full stack trace so we can see where this error
> is
> > coming from.
> >
> > My best guess is that this is coming from the changes made in
> > SOLR-4451 to use system defaults correctly when initializing HttpClient,
> > which suggets that your problem is exactly what the error message says...
> >
> > "Keystore was tampered with, or password was incorrect"
> >
> > Is it possible that the default keystore password for your JVM (or as
> > overridden by glassfish defaults - possibly using the
> > "javax.net.ssl.keyStore" sysprop) has a password set on it? If so you
> > need to confiure your JVM with the standard java system properties to
> > specify what that password is.
> >
> >
> >
> http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201303.mbox/%3C1364232676233-4051159.post@n3.nabble.com%3E
> >
> > : 2013-04-09 10:45:06,144 [main] ERROR
> > : org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr.
> Check
> > solr/home property and the logs
> > : 2013-04-09 10:45:06,224 [main] ERROR
> > : org.apache.solr.core.SolrCore -
> > : null:org.apache.http.conn.ssl.SSLInitializationException: Failure
> > : initializing default system SSL context
> > : Caused by: java.io.IOException: Keystore was tampered with, or
> > password was incorrect
> > : at
> sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
> > : at
> > sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
> > : at java.security.KeyStore.load(KeyStore.java:1214)
> > : at
> > :
> >
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
> > : at
> >
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
> > : ... 50 more
> > : Caused by: java.security.UnrecoverableKeyException: Password
> > verification failed
> > : at
> > sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
> >
> > -Hoss
> >
Re: Solr 4.2.1 SSLInitializationException
Posted by Sarita Nair <sa...@yahoo.com>.
Hi Uwe,
Thanks for your response. As I mentioned in my email, I would prefer the application to not have access to the keystore.
Do you know if there is a way of specifying a different HttpClient implementation (e.g. DefaultHttpClient rather than
SystemDefaultHttpClient) ?
________________________________
From: Uwe Klosa <uw...@gmail.com>
To: solr-user@lucene.apache.org; Sarita Nair <sa...@yahoo.com>
Sent: Wednesday, April 10, 2013 2:58 AM
Subject: Re: Solr 4.2.1 SSLInitializationException
You have to add two new Java options to your Glassfish config (example if
you use the standard keystore and truststore):
asadmin create-jvm-options -- -Djavax.net.ssl.keyStorePassword=changeit
asadmin create-jvm-options -- -Djavax.net.ssl.trustStorePassword=changeit
/Uwe
On 10 April 2013 03:59, Sarita Nair <sa...@yahoo.com> wrote:
> Hi Chris,
>
> Thanks for your response.
>
> My understanding is that GlassFish specifies the keystore as a system
> property,
> but does not specify the password in order to protect it from
> snooping. There's
> a keychain that requires a password to be passed from the DAS in order to
> unlock the key for the keystore.
>
> Is there some way to specify a
> different HttpClient implementation (e.g. DefaultHttpClient rather than
> SystemDefaultHttpClient), as we don't want the application to have
> access to the keystore?
>
>
> I have also pasted the entire stack trace below:
>
> 2013-04-09 10:45:06,144 [main] ERROR
> org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check
> solr/home property and the logs
> 2013-04-09 10:45:06,224 [main] ERROR org.apache.solr.core.SolrCore -
> null:org.apache.http.conn.ssl.SSLInitializationException: Failure
> initializing default system SSL context
> at
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:368)
> at
> org.apache.http.conn.ssl.SSLSocketFactory.getSystemSocketFactory(SSLSocketFactory.java:204)
> at
> org.apache.http.impl.conn.SchemeRegistryFactory.createSystemDefault(SchemeRegistryFactory.java:82)
> at
> org.apache.http.impl.client.SystemDefaultHttpClient.createClientConnectionManager(SystemDefaultHttpClient.java:118)
> at
> org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:466)
> at
> org.apache.solr.client.solrj.impl.HttpClientUtil.setMaxConnections(HttpClientUtil.java:179)
> at
> org.apache.solr.client.solrj.impl.HttpClientConfigurer.configure(HttpClientConfigurer.java:33)
> at
> org.apache.solr.client.solrj.impl.HttpClientUtil.configureClient(HttpClientUtil.java:115)
> at
> org.apache.solr.client.solrj.impl.HttpClientUtil.createClient(HttpClientUtil.java:105)
> at
> org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:134)
> at
> com.sun.enterprise.glassfish.bootstrap.GlassFishImpl.start(GlassFishImpl.java:79)
> at
> com.sun.enterprise.glassfish.bootstrap.GlassFishDecorator.start(GlassFishDecorator.java:63)
> at
> com.sun.enterprise.glassfish.bootstrap.osgi.OSGiGlassFishImpl.start(OSGiGlassFishImpl.java:69)
> at
> com.sun.enterprise.glassfish.bootstrap.GlassFishMain$Launcher.launch(GlassFishMain.java:117)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:601)
> at
> com.sun.enterprise.glassfish.bootstrap.GlassFishMain.main(GlassFishMain.java:97)
> at com.sun.enterprise.glassfish.bootstrap.ASMain.main(ASMain.java:55)
> Caused by: java.io.IOException: Keystore was tampered with, or password
> was incorrect
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
> at
> sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
> at java.security.KeyStore.load(KeyStore.java:1214)
> at
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
> at
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
> ... 50 more
> Caused by: java.security.UnrecoverableKeyException: Password verification
> failed
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
> ... 54 more
>
>
>
>
>
>
>
>
>
>
>
>
>
> ________________________________
> From: Chris Hostetter <ho...@fucit.org>
> To: "solr-user@lucene.apache.org" <so...@lucene.apache.org>; Sarita
> Nair <sa...@yahoo.com>
> Sent: Tuesday, April 9, 2013 1:31 PM
> Subject: Re: Solr 4.2.1 SSLInitializationException
>
>
> : Deploying Solr 4.2.1 to GlassFish 3.1.1 results in the error below. I
> : have seen similar problems being reported with Solr 4.2
>
> Are you trying to use server SSL with glassfish?
>
> can you please post the full stack trace so we can see where this error is
> coming from.
>
> My best guess is that this is coming from the changes made in
> SOLR-4451 to use system defaults correctly when initializing HttpClient,
> which suggets that your problem is exactly what the error message says...
>
> "Keystore was tampered with, or password was incorrect"
>
> Is it possible that the default keystore password for your JVM (or as
> overridden by glassfish defaults - possibly using the
> "javax.net.ssl.keyStore" sysprop) has a password set on it? If so you
> need to confiure your JVM with the standard java system properties to
> specify what that password is.
>
>
> http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201303.mbox/%3C1364232676233-4051159.post@n3.nabble.com%3E
>
> : 2013-04-09 10:45:06,144 [main] ERROR
> : org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check
> solr/home property and the logs
> : 2013-04-09 10:45:06,224 [main] ERROR
> : org.apache.solr.core.SolrCore -
> : null:org.apache.http.conn.ssl.SSLInitializationException: Failure
> : initializing default system SSL context
> : Caused by: java.io.IOException: Keystore was tampered with, or
> password was incorrect
> : at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
> : at
> sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
> : at java.security.KeyStore.load(KeyStore.java:1214)
> : at
> :
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
> : at
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
> : ... 50 more
> : Caused by: java.security.UnrecoverableKeyException: Password
> verification failed
> : at
> sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
>
> -Hoss
>
Re: Solr 4.2.1 SSLInitializationException
Posted by Uwe Klosa <uw...@gmail.com>.
You have to add two new Java options to your Glassfish config (example if
you use the standard keystore and truststore):
asadmin create-jvm-options -- -Djavax.net.ssl.keyStorePassword=changeit
asadmin create-jvm-options -- -Djavax.net.ssl.trustStorePassword=changeit
/Uwe
On 10 April 2013 03:59, Sarita Nair <sa...@yahoo.com> wrote:
> Hi Chris,
>
> Thanks for your response.
>
> My understanding is that GlassFish specifies the keystore as a system
> property,
> but does not specify the password in order to protect it from
> snooping. There's
> a keychain that requires a password to be passed from the DAS in order to
> unlock the key for the keystore.
>
> Is there some way to specify a
> different HttpClient implementation (e.g. DefaultHttpClient rather than
> SystemDefaultHttpClient), as we don't want the application to have
> access to the keystore?
>
>
> I have also pasted the entire stack trace below:
>
> 2013-04-09 10:45:06,144 [main] ERROR
> org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check
> solr/home property and the logs
> 2013-04-09 10:45:06,224 [main] ERROR org.apache.solr.core.SolrCore -
> null:org.apache.http.conn.ssl.SSLInitializationException: Failure
> initializing default system SSL context
> at
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:368)
> at
> org.apache.http.conn.ssl.SSLSocketFactory.getSystemSocketFactory(SSLSocketFactory.java:204)
> at
> org.apache.http.impl.conn.SchemeRegistryFactory.createSystemDefault(SchemeRegistryFactory.java:82)
> at
> org.apache.http.impl.client.SystemDefaultHttpClient.createClientConnectionManager(SystemDefaultHttpClient.java:118)
> at
> org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:466)
> at
> org.apache.solr.client.solrj.impl.HttpClientUtil.setMaxConnections(HttpClientUtil.java:179)
> at
> org.apache.solr.client.solrj.impl.HttpClientConfigurer.configure(HttpClientConfigurer.java:33)
> at
> org.apache.solr.client.solrj.impl.HttpClientUtil.configureClient(HttpClientUtil.java:115)
> at
> org.apache.solr.client.solrj.impl.HttpClientUtil.createClient(HttpClientUtil.java:105)
> at
> org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:134)
> at
> com.sun.enterprise.glassfish.bootstrap.GlassFishImpl.start(GlassFishImpl.java:79)
> at
> com.sun.enterprise.glassfish.bootstrap.GlassFishDecorator.start(GlassFishDecorator.java:63)
> at
> com.sun.enterprise.glassfish.bootstrap.osgi.OSGiGlassFishImpl.start(OSGiGlassFishImpl.java:69)
> at
> com.sun.enterprise.glassfish.bootstrap.GlassFishMain$Launcher.launch(GlassFishMain.java:117)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:601)
> at
> com.sun.enterprise.glassfish.bootstrap.GlassFishMain.main(GlassFishMain.java:97)
> at com.sun.enterprise.glassfish.bootstrap.ASMain.main(ASMain.java:55)
> Caused by: java.io.IOException: Keystore was tampered with, or password
> was incorrect
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
> at
> sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
> at java.security.KeyStore.load(KeyStore.java:1214)
> at
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
> at
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
> ... 50 more
> Caused by: java.security.UnrecoverableKeyException: Password verification
> failed
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
> ... 54 more
>
>
>
>
>
>
>
>
>
>
>
>
>
> ________________________________
> From: Chris Hostetter <ho...@fucit.org>
> To: "solr-user@lucene.apache.org" <so...@lucene.apache.org>; Sarita
> Nair <sa...@yahoo.com>
> Sent: Tuesday, April 9, 2013 1:31 PM
> Subject: Re: Solr 4.2.1 SSLInitializationException
>
>
> : Deploying Solr 4.2.1 to GlassFish 3.1.1 results in the error below. I
> : have seen similar problems being reported with Solr 4.2
>
> Are you trying to use server SSL with glassfish?
>
> can you please post the full stack trace so we can see where this error is
> coming from.
>
> My best guess is that this is coming from the changes made in
> SOLR-4451 to use system defaults correctly when initializing HttpClient,
> which suggets that your problem is exactly what the error message says...
>
> "Keystore was tampered with, or password was incorrect"
>
> Is it possible that the default keystore password for your JVM (or as
> overridden by glassfish defaults - possibly using the
> "javax.net.ssl.keyStore" sysprop) has a password set on it? If so you
> need to confiure your JVM with the standard java system properties to
> specify what that password is.
>
>
> http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201303.mbox/%3C1364232676233-4051159.post@n3.nabble.com%3E
>
> : 2013-04-09 10:45:06,144 [main] ERROR
> : org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check
> solr/home property and the logs
> : 2013-04-09 10:45:06,224 [main] ERROR
> : org.apache.solr.core.SolrCore -
> : null:org.apache.http.conn.ssl.SSLInitializationException: Failure
> : initializing default system SSL context
> : Caused by: java.io.IOException: Keystore was tampered with, or
> password was incorrect
> : at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
> : at
> sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
> : at java.security.KeyStore.load(KeyStore.java:1214)
> : at
> :
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
> : at
> org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
> : ... 50 more
> : Caused by: java.security.UnrecoverableKeyException: Password
> verification failed
> : at
> sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
>
> -Hoss
>
Re: Solr 4.2.1 SSLInitializationException
Posted by Sarita Nair <sa...@yahoo.com>.
Hi Chris,
Thanks for your response.
My understanding is that GlassFish specifies the keystore as a system property,
but does not specify the password in order to protect it from
snooping. There's
a keychain that requires a password to be passed from the DAS in order to unlock the key for the keystore.
Is there some way to specify a
different HttpClient implementation (e.g. DefaultHttpClient rather than
SystemDefaultHttpClient), as we don't want the application to have
access to the keystore?
I have also pasted the entire stack trace below:
2013-04-09 10:45:06,144 [main] ERROR org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check solr/home property and the logs
2013-04-09 10:45:06,224 [main] ERROR org.apache.solr.core.SolrCore - null:org.apache.http.conn.ssl.SSLInitializationException: Failure initializing default system SSL context
at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:368)
at org.apache.http.conn.ssl.SSLSocketFactory.getSystemSocketFactory(SSLSocketFactory.java:204)
at org.apache.http.impl.conn.SchemeRegistryFactory.createSystemDefault(SchemeRegistryFactory.java:82)
at org.apache.http.impl.client.SystemDefaultHttpClient.createClientConnectionManager(SystemDefaultHttpClient.java:118)
at org.apache.http.impl.client.AbstractHttpClient.getConnectionManager(AbstractHttpClient.java:466)
at org.apache.solr.client.solrj.impl.HttpClientUtil.setMaxConnections(HttpClientUtil.java:179)
at org.apache.solr.client.solrj.impl.HttpClientConfigurer.configure(HttpClientConfigurer.java:33)
at org.apache.solr.client.solrj.impl.HttpClientUtil.configureClient(HttpClientUtil.java:115)
at org.apache.solr.client.solrj.impl.HttpClientUtil.createClient(HttpClientUtil.java:105)
at org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:134)
at com.sun.enterprise.glassfish.bootstrap.GlassFishImpl.start(GlassFishImpl.java:79)
at com.sun.enterprise.glassfish.bootstrap.GlassFishDecorator.start(GlassFishDecorator.java:63)
at com.sun.enterprise.glassfish.bootstrap.osgi.OSGiGlassFishImpl.start(OSGiGlassFishImpl.java:69)
at com.sun.enterprise.glassfish.bootstrap.GlassFishMain$Launcher.launch(GlassFishMain.java:117)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at com.sun.enterprise.glassfish.bootstrap.GlassFishMain.main(GlassFishMain.java:97)
at com.sun.enterprise.glassfish.bootstrap.ASMain.main(ASMain.java:55)
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1214)
at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
... 50 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
... 54 more
________________________________
From: Chris Hostetter <ho...@fucit.org>
To: "solr-user@lucene.apache.org" <so...@lucene.apache.org>; Sarita Nair <sa...@yahoo.com>
Sent: Tuesday, April 9, 2013 1:31 PM
Subject: Re: Solr 4.2.1 SSLInitializationException
: Deploying Solr 4.2.1 to GlassFish 3.1.1 results in the error below. I
: have seen similar problems being reported with Solr 4.2
Are you trying to use server SSL with glassfish?
can you please post the full stack trace so we can see where this error is
coming from.
My best guess is that this is coming from the changes made in
SOLR-4451 to use system defaults correctly when initializing HttpClient,
which suggets that your problem is exactly what the error message says...
"Keystore was tampered with, or password was incorrect"
Is it possible that the default keystore password for your JVM (or as
overridden by glassfish defaults - possibly using the
"javax.net.ssl.keyStore" sysprop) has a password set on it? If so you
need to confiure your JVM with the standard java system properties to
specify what that password is.
http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201303.mbox/%3C1364232676233-4051159.post@n3.nabble.com%3E
: 2013-04-09 10:45:06,144 [main] ERROR
: org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check solr/home property and the logs
: 2013-04-09 10:45:06,224 [main] ERROR
: org.apache.solr.core.SolrCore -
: null:org.apache.http.conn.ssl.SSLInitializationException: Failure
: initializing default system SSL context
: Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
: at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
: at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
: at java.security.KeyStore.load(KeyStore.java:1214)
: at
: org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
: at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
: ... 50 more
: Caused by: java.security.UnrecoverableKeyException: Password verification failed
: at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
-Hoss
Re: Solr 4.2.1 SSLInitializationException
Posted by Chris Hostetter <ho...@fucit.org>.
: Deploying Solr 4.2.1 to GlassFish 3.1.1 results in the error below. I
: have seen similar problems being reported with Solr 4.2
Are you trying to use server SSL with glassfish?
can you please post the full stack trace so we can see where this error is
coming from.
My best guess is that this is coming from the changes made in
SOLR-4451 to use system defaults correctly when initializing HttpClient,
which suggets that your problem is exactly what the error message says...
"Keystore was tampered with, or password was incorrect"
Is it possible that the default keystore password for your JVM (or as
overridden by glassfish defaults - possibly using the
"javax.net.ssl.keyStore" sysprop) has a password set on it? If so you
need to confiure your JVM with the standard java system properties to
specify what that password is.
http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201303.mbox/%3C1364232676233-4051159.post@n3.nabble.com%3E
: 2013-04-09 10:45:06,144 [main] ERROR
: org.apache.solr.servlet.SolrDispatchFilter - Could not start Solr. Check solr/home property and the logs
: 2013-04-09 10:45:06,224 [main] ERROR
: org.apache.solr.core.SolrCore -
: null:org.apache.http.conn.ssl.SSLInitializationException: Failure
: initializing default system SSL context
: Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
: at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
: at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
: at java.security.KeyStore.load(KeyStore.java:1214)
: at
: org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:281)
: at org.apache.http.conn.ssl.SSLSocketFactory.createSystemSSLContext(SSLSocketFactory.java:366)
: ... 50 more
: Caused by: java.security.UnrecoverableKeyException: Password verification failed
: at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
-Hoss