You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@solr.apache.org by Julian Nikodemus <ni...@gmail.com> on 2021/04/21 05:18:36 UTC

Solr-8.5.1 official certificate javax.servlet.ServletException

Hello,

I'm having some troubles securing Solr-8.5.1 (fresh install on Ubuntu 
20.04 running openjdk11). As soon as I'm providing a keystore (JKS) 
containing an official Certificate-Chain solr stops logging to 
/var/solr/logs/solr.log and prints following error to the browser 
(connection established using https). I also tried to use the same 
keystore in Solr-8.2.0 and Solr-8.8.2 without problems, it just works... 
If I'm providing a selfsigned certificate (or using no SSL/TLS) it works 
like a charm.

HTTP ERROR 404 javax.servlet.UnavailableException: Error processing the 
request. CoreContainer is either not initialized or shutting down.
URI: /solr/
STATUS:    404
MESSAGE:    javax.servlet.UnavailableException: Error processing the 
request. CoreContainer is either not initialized or shutting down.
SERVLET:    default
CAUSED BY:    javax.servlet.ServletException: 
javax.servlet.UnavailableException: Error processing the request. 
CoreContainer is either not initialized or shutting down.
CAUSED BY:    javax.servlet.UnavailableException: Error processing the 
request. CoreContainer is either not initialized or shutting down.
Caused by:

javax.servlet.ServletException: javax.servlet.UnavailableException: 
Error processing the request. CoreContainer is either not initialized or 
shutting down.
     at 
org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:162)
     at 
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
     at 
org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322)
     at 
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
     at org.eclipse.jetty.server.Server.handle(Server.java:500)
     at 
org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
     at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547)
     at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
     at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:335)
     at 
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
     at 
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
     at 
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
     at 
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135)
     at 
org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:170)
     at 
org.eclipse.jetty.http2.server.HTTP2ServerConnection.onOpen(HTTP2ServerConnection.java:150)
     at 
org.eclipse.jetty.io.AbstractEndPoint.upgrade(AbstractEndPoint.java:442)
     at 
org.eclipse.jetty.server.NegotiatingServerConnection.onFillable(NegotiatingServerConnection.java:130)
     at 
org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
     at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
     at 
org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543)
     at 
org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398)
     at 
org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161)
     at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
     at 
org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
     at 
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)
     at 
org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)
     at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.servlet.UnavailableException: Error processing the 
request. CoreContainer is either not initialized or shutting down.
     at 
org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:371)
     at 
org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:352)
     at 
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1596)
     at 
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545)
     at 
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
     at 
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:590)
     at 
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
     at 
org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
     at 
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1607)
     at 
org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
     at 
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1297)
     at 
org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
     at 
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485)
     at 
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1577)
     at 
org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
     at 
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1212)
     at 
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
     at 
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221)
     at 
org.eclipse.jetty.server.handler.InetAccessHandler.handle(InetAccessHandler.java:177)
     at 
org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
     ... 26 more


Only changes done in solr.in.sh:

# Enables HTTPS. It is implictly true if you set SOLR_SSL_KEY_STORE. Use 
this config
# to enable https module with custom jetty configuration.
SOLR_SSL_ENABLED=true
# Uncomment to set SSL-related system properties
# Be sure to update the paths to the correct keystore for your environment
SOLR_SSL_KEY_STORE=etc/solrKey_2020.jks
SOLR_SSL_KEY_STORE_PASSWORD=removed
SOLR_SSL_TRUST_STORE=etc/solrKey_2020.jks
SOLR_SSL_TRUST_STORE_PASSWORD=removed
# Require clients to authenticate
SOLR_SSL_NEED_CLIENT_AUTH=false
# Enable clients to authenticate (but not require)
SOLR_SSL_WANT_CLIENT_AUTH=false
# Verify client's hostname during SSL handshake
#SOLR_SSL_CLIENT_HOSTNAME_VERIFICATION=false
# SSL Certificates contain host/ip "peer name" information that is 
validated by default. Setting
# this to false can be useful to disable these checks when re-using a 
certificate on many hosts
#SOLR_SSL_CHECK_PEER_NAME=true
# Override Key/Trust Store types if necessary
#SOLR_SSL_KEY_STORE_TYPE=PKCS12
#SOLR_SSL_TRUST_STORE_TYPE=PKCS12

What am I doing wrong? Is there any known issue or someone who already 
solved this problem?

-- 

With kind regards

Julian Nikodemus